Accredited Standards Committee*
InterNational Committee for Information Technology Standards (INCITS)
SCSI Commands, Architecture, & Protocol Security Working Group Meeting -- April 17, 2007
1. Opening Remarks
2. Approval of Agenda
3. Attendance and Membership
4. Command Set Topics
4.1 SCSI Primary Commands Proposals
4.1.1 SPC-4 CDB Encapsulation Alternatives (07-158r0) [Weber]
5. Security
5.1 SPC-4: Establishing a Security Association using IKEv2 (06-449r3) [Ball & Black]
5.2 Capability based Command Security (07-069r3) [Penokie]
5.3 Command Security via SAs (07-149r0) [Weber]
5.4 ESP-SCSI for Parameter Data (07-169r0) [Weber]
5.5 SPC-4 request for security protocol (07-184r0) [Ballard]
6. Old Business
7. New Business
8. Review of Recommendations to the Plenary
9. Meeting Schedule
10. Adjournment
George Penokie called the meeting to order at 9:00 a.m. Tuesday, April 17, 2007. He thanked Rob Elliott of HP and Kurt Cox of Amphenol for hosting the meeting. As usual, the people present introduced themselves.
The draft agenda was approved with no additions or changes.
No items were added/revised during the course of the meeting.
Attendance at working group meetings does not count toward minimum attendance requirements for T10 membership. Working group meetings are open to any person or organization directly and materially affected by T10's scope of work. The following people attended the meeting:
Name                      S   Organization
------------------------  --  ------------------------
Mr. David Peterson        P   Brocade
Mr. William McFerrin      V   DataPlay
Mr. Gideon Avida          P   Decru
Mr. Kevin Marks           P   Dell, Inc.
Mr. David Black           A   EMC Corp.
Mr. William Martin        P   Emulex
Mr. Ralph O. Weber        P   ENDL Texas
Mr. Rob Elliott           P   Hewlett Packard Co.
Mr. Steven Fairchild      V   Hewlett Packard Co.
Mr. Joe Foster            V   Hewlett Packard Co.
Mr. Kevin Butt            A   IBM Corp.
Mr. George O. Penokie     P   IBM Corp.
Mr. Sivan Tal             V   IBM Corp.
Mr. Robert Sheffield      P   Intel Corp.
Mr. Walt Hubis            V   LSI Corp.
Mr. Frederick Knight      A   Network Appliance
Mr. Matthew Ball          V   Quantum Corp.
Mr. Jim Scott             P   Vitesse Semiconductor

18 People Present

Status Key: P - Principal
            A,A# - Alternate
            AV - Advisory Member
            E - Emeritus
            L - Liaison
            V - Visitor
4.1 SCSI Primary Commands Proposals
4.1.1 SPC-4 CDB Encapsulation Alternatives (07-158r0) [Weber]
Ralph Weber presented a proposal that showed alternatives to the CDB Encapsulation described in 07-158r0 with the following alterations: do not describe how encryption is done at all (leave that to a future proposal by someone who wants to encrypt CDBs), add three reserved bytes following the 7Eh operation code so that the original CDB operation code is 4-byte aligned, and provide a description of how to add and remove encapsulations (possibly as an informative annex).
Ralph agreed to revise 07-158r0 be removed from future agendas.
5.1 SPC-4: Establishing a Security Association using IKEv2 (06-449r3) [Ball & Black]
David Black and Matt Ball presented a proposal to define an IKEv2-based method for establishing a Security Association (06-449r3). The group requested several enhancements such as clarifications of error handling issues and adding a simplified diagram showing the IKEv2 aspects of the protocol with the SCSI commands factored out.
David and Matt agreed to prepare a new revision for consideration at the next meeting.
5.2 Capability based Command Security (07-069r3) [Penokie]
George Penokie and Sivan Tal presented a proposal to secure SCSI commands with a capability-based encapsulation modelled on the OSD security mechanism (07-069r3). The group quickly determined that there is no one-to-one mapping between I_T nexus identifiers and Security Tokens. The group worked to construct a broadly agreeable definition of Security Token. A few other improvements were recommended.
George agreed to prepare a new revision for consideration at the next meeting.
5.3 Command Security via SAs (07-149r0) [Weber]
Ralph Weber presented some ideas for using TBD SA Usage Data to provide command security (possibly linked to the application sending the commands) with SA Authentication (07-069r3).
Ralph agreed to revise the proposal and present it again at the May CAP meeting.
5.4 ESP-SCSI for Parameter Data (07-169r0) [Weber]
Matt Ball led the group in a review of Quantum's issues with Ralph Weber's initial ESP-SCSI definition (07-169r0). Due to a lack of sufficient time, several issues in Matt's marked-up PDF could not be addressed. Ralph agreed to review all the issues in Matt's PDF, integrate the changes recommended by the group (particularly the changes related to Sequence Number requirements), and prepare a new revision for consideration at the next meeting.
5.5 SPC-4 request for security protocol (07-184r0) [Ballard]
In the absence of Curtis Ballard, discussion of this topic was deferred to the May CAP meeting.
8. Review of Recommendations to the Plenary
Ralph Weber noted that no recommendations have been made to the T10 plenary.
The next meeting of the SCSI Commands, Architecture, and Protocols Working Group will be Wednesday, May 9, 2007 from 9 a.m. until 7 p.m. and resuming Thursday, May 10, 2007 from 9 a.m. until noon. The meeting will be in Bellevue, WA at the Hyatt Regency Hotel (425-462-1234) hosted by Microsoft Corp.
The meeting was adjourned at 6:25 p.m. on Tuesday, April 17, 2007.