iSCSI Boot Draft Goal: Address last-minute requirement of boot security Address boot communication security only Boot image integrity outside purview Software stage: not allowed in a Secure Boot because of integrity issues DHCP stage: use IPSEC (common in wireless networks), takes care of IP addr initialization problem B. Aboba: suggest use DHCP-auth (like ESP in IPsec) Question for the IPS WG do we want another protocol at boot SLP stage: not allowed B. Aboba: suggest use of SLPv2 as specified in [IIPSSec] Accepted |