The IESG has approved the following document:
- 'Finding FCIP Entities Using SLPv2 '
<draft-ietf-ips-fcip-slp-09.txt> as a Proposed Standard
This document is the product of the IP Storage Working Group.
The IESG contact persons are Allison Mankin and Jon Peterson.
Technical Summary
draft-ietf-ips-fcip-slp-09.txt describes the use of the Service
Location Protocol Version 2 (SLPv2) to perform dynamic discovery of
participating FCIP Entities. Implementation guidelines, service
type templates, and security considerations are specified. FCIP is
a pure FC encapsulation protocol that transports FC frames. As
defined by the IPS WG, it interconnects Fibre Channel switches over
TCP/IP networks.
Working Group Summary
The Working Group had consensus to advance this documents to Proposed
Standard. The SLPv2 and discovery aspects were given review and
discussion on the mailing list by Erik Guttman and James Kempf, and this
was an active discussion. This document had a revision following
IESG review which was concerned about the Security Considerations and
some text originally present on NAT, which was viewed as needing to be
in a more general document and as not providing significant guidance.
Protocol Quality
The documents were reviewed for the IESG by Erik Guttman, James Kempf,
Thomas Narten and Allison Mankin. David Black addressed the issues
of the security review.
RFC Editor Notes
-----
Section 4.2 NAT and NAPT Considerations - delete this entire section
-----
Section 5.2 - remove the line:
# snmp://192.0.2.0
-----
Section 6.1. Security Implementation - section is replaced by new text:
OLD:
6.1. Security Implementation
Security for SLPv2 in an IP storage environment is specified in [IPS-
SEC].
IPsec SHOULD be implemented for SLPv2 as specified in [IPS-SEC]. This
includes ESP with a non-null transform to provide both authentication
and confidentiality.
SLPv2 authentication is OPTIONAL to implement and use, and SLPv2
authentication SHOULD be implemented when IPsec is not supported.
NEW:
6.1. Security Implementation
Security for SLPv2 in an IP storage environment is specified in
[RFC3723]. IPsec is mandatory-to-implement for IPS clients and servers.
Thus, all IP storage clients, including those invoking SLP, can be
assumed to support IPsec. SLP servers, however, cannot be assumed
to implement IPsec, since there is no such requirement in standard
SLP. In particular, SLP Directory Agents (DA) may be running on machines
other than those running the IPS protocols.
IPsec SHOULD be implemented for SLPv2 as specified in [RFC3723]; this
includes ESP with a non-null transform to provide both authentication
and confidentiality.
Because the IP storage services have their own authentication
capabilities when located, SLPv2 authentication is OPTIONAL
to implement and use (as discussed in more detail in [RFC 3723]).
Change the draft's normative reference [IPS-SEC] to [RFC 3723].
_______________________________________________
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
