The IESG has approved the following document:
- 'Securing Block Storage Protocols over IP: RFC 3723 Requirements Update for IPsec v3'
  (draft-ietf-storm-ipsec-ips-update-04.txt) as Proposed Standard

This document is the product of the STORage Maintenance Working Group.

The IESG contact persons are Martin Stiemerling and Spencer Dawkins.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-storm-ipsec-ips-update/

Technical Summary

RFC 3723 specifies IPsec requirements for block storage protocols over IP (e.g., iSCSI) based on IPsec v2 (RFC 2401 and related RFCs); those requirements have subsequently been applied to remote direct data placement protocols, e.g., RDMAP. This document updates RFC 3723's IPsec requirements to IPsec v3 (RFC 4301 and related RFCs) and makes some changes to required algorithms based on developments in cryptography since RFC 3723 was published.

Working Group Summary

This document updates the IPsec requirements in RFC 3723 and all RFCs to which those requirements apply. The iSCSI maintenance work in the storm WG had originally intended to update only the IPsec requirements for iSCSI. Two developments changed this approach:

o Cryptographic developments upended RFC 3723's requirement for 3DES as the mandatory-to-implement encryption transform. The protocols to which RFC 3723 applies can approach 3DES's birthday bound and need to rekey in less than a minute on high-speed links.

o iSER (iSCSI extensions for RDMA) uses RFC 3723 IPsec requirements twice, once for iSCSI and once for the underlying rddp (iWARP) RDMA protocol. An RFC 3723 update is needed for the latter in order to avoid inconsistent IPsec requirements in the same protocol stack.

David McGrew and Steve Kent (respectively) deserve credit for surfacing the above two concerns that led to the creation of this document.

This document has not been controversial in the storm WG.

Document Quality

This document specifies a profile of widely implemented protocols, IPsec v2 and v3. The specified cryptographic transforms have been selected as ones that are commonly available in IPsec implementations.

Sean Turner (SEC AD) and Paul Hoffman (ipsecme WG chair) were both notably helpful in providing advice on transform selection. Yaron Sheffer (ipsecme WG chair) provided a thorough review that significantly improved the quality of this document. Tom Talpey (storm WG chair) provided a thorough WG Last Call review.

The document shepherd is very pleased with the help received from both ipsecme WG co-chairs and the AD responsible for the ipsecme WG.

Personnel

Document Shepherd: David Black (storm WG co-chair, david.black@emc.com)
Responsible Area Director: Martin Stiemerling (Transport, martin.stiemerling@neclab.eu)