Use of IKEv2 in the Fibre Channel Security Association Management Protocol
RFC 4595

| Field | Value |
|---|---|
| Document type | RFC - Informational (July 2006; Errata) |
| | Was draft-maino-fcsp (individual in sec area) |
| Authors | David Black, Fabio Maino |
| Last updated | 2015-10-14 |
| Stream | Internet Engineering Task Force (IETF) |
| Formats | plain text, html, pdf, htmlized, bibtex |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4595 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Russ Housley |
| Send notices to | (None) |
Network Working Group                                           F. Maino
Request for Comments: 4595                                 Cisco Systems
Category: Informational                                         D. Black
                                                         EMC Corporation
                                                               July 2006

Use of IKEv2 in the Fibre Channel Security Association Management Protocol

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document describes the use of IKEv2 to negotiate security protocols and transforms for Fibre Channel as part of the Fibre Channel Security Association Management Protocol. This usage requires that IKEv2 be extended with Fibre-Channel-specific security protocols, transforms, and name types. This document specifies these IKEv2 extensions and allocates identifiers for them. Using new IKEv2 identifiers for Fibre Channel security protocols avoids any possible confusion between IKEv2 negotiation for IP networks and IKEv2 negotiation for Fibre Channel.

Maino & Black                Informational                      [Page 1]
RFC 4595                       IKEv2 in FC-SP                  July 2006

Table of Contents

1. Introduction ....................................................3
   1.1. Requirements Notation ......................................3
2. Overview ........................................................4
3. Fibre Channel Security Protocols ................................5
   3.1. ESP_Header Protocol ........................................6
   3.2. CT_Authentication Protocol .................................7
4. The FC SA Management Protocol ...................................9
   4.1. Fibre Channel Name Identifier ..............................9
   4.2. ESP_Header and CT_Authentication Protocol ID ...............9
   4.3. CT_Authentication Protocol Transform Identifiers ..........10
   4.4. Fibre Channel Traffic Selectors ...........................10
   4.5. Negotiating Security Associations for FC and IP ...........12
5. Security Considerations ........................................12
6. IANA Considerations ............................................13
7. References .....................................................14
   7.1. Normative References ......................................14
   7.2. Informative References ....................................14

1. Introduction

Fibre Channel (FC) is a gigabit-speed network technology primarily used for Storage Networking. Fibre Channel is standardized in the T11 [T11] Technical Committee of the InterNational Committee for Information Technology Standards (INCITS), an American National Standards Institute (ANSI) accredited standards committee.

FC-SP (Fibre Channel Security Protocols) is a T11 Technical Committee working group that has developed the "Fibre Channel Security Protocols" standard [FC-SP], a security architecture for Fibre Channel networks. The FC-SP standard defines a set of protocols for Fibre Channel networks that provides:

1. device-to-device (hosts, disks, switches) authentication;
2. management and establishment of secrets and security associations;
3. data origin authentication, integrity, anti-replay protection, confidentiality; and
4. security policies distribution.

Within this framework, a Fibre Channel device can verify the identity of another Fibre Channel device and establish a shared secret that will be used to negotiate security associations for security protocols applied to Fibre Channel frames and information units. The same framework allows the distribution, within a Fibre Channel fabric, of policies that will be enforced by the fabric.

FC-SP has adapted the IKEv2 protocol [RFC4306] to provide authentication of Fibre Channel entities and setup of security associations.

1.1. Requirements Notation

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
2. Overview

Fibre Channel defines two security protocols that provide security services for different portions of Fibre Channel traffic: the ESP_Header defined in [FC-FS] and CT_Authentication defined in