[secdir] Secdir Review of draft-ietf-storm-iscsi-sam-06
Alexey Melnikov <alexey.melnikov@isode.com> Wed, 25 July 2012 14:22 UTC

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The iSCSI protocol as specified in [draft-ietf-storm-iscsi-cons-xx] (and as previously specified by the combination of RFC 3720 and RFC 5048) is based on the SAM-2 (SCSI Architecture Model - 2) version of the SCSI family of protocols. This document defines enhancements to the iSCSI protocol to support certain additional features of the SCSI protocol that were defined in SAM-3, SAM-4, and SAM-5.

In particular the document adds:

1) Command Priority field

2) Several new commands:

   9 - QUERY TASK - determines if the command identified by the Referenced Task Tag field is present in the task set.

   10 - QUERY TASK SET - determine if any command is present in the task set for the I_T_L Nexus on which the task management function was received.

   11 - I_T NEXUS RESET - perform an I_T nexus loss function (see [SAM5]) for the I_T nexus on which the task management function was received.

   12 - QUERY ASYNCHRONOUS EVENT - determine if there is a unit attention condition or a deferred error pending for the I_T_L nexus on which the task management function was received.

And a new response code that they use.

The document sends readers to review Security Considerations from RFC 3720. This is probably appropriate, as extensions added by this document are minor and don't seem to change iSCSI model much.

One thing that might be missing is some text about abuse of the priority field to perform Denial-of-service or to gain better service.

Other comments on the document (consider them minor, but I think editors should think about these):

The document can't decide which RFC for iSCSI it is referencing... Which one should be used in the new IANA registries created?

Repeating the list of Task Management Functions defined in another document is not a good idea. What if another extension adds additional functions?