BS ISO/IEC 14165-432:2022:2024 Edition

$215.11

Information technology. Fibre channel – Security Protocols. 2 (FC-SP-2)

Published By	Publication Date	Number of Pages
BSI	2024	312

Guaranteed Safe Checkout

Category: BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

PDF Catalog

PDF Pages	PDF Title
2	undefined
4	Contents
17	FOREWORD
19	INTRODUCTION
20	1 Scope
21	2 Normative references
25	3 Terms, definitions, symbols, abbreviated terms, and conventions 3.1 Terms and definitions
32	3.2 Symbols and abbreviated terms
33	3.3 Editorial conventions Tables Table 1 – ISO and American conventions
34	3.4 Keywords
35	3.5 T10 Vendor ID 3.6 Sorting
36	3.7 Terminate communication
37	3.8 State machine notation 3.9 Using numbers in hash functions and concatenation functions Figures Figure 1 – State machine example
39	4 Structure and Concepts 4.1 Overview 4.2 FC-SP-2 Compliance 4.3 Fabric Security Architecture 4.4 Authentication Infrastructure
40	4.5 Authentication Figure 2 – Relationship between Authentication Protocols and Security Associations
41	4.6 Security Associations 4.7 Cryptographic Integrity and Confidentiality 4.7.1 Overview
42	4.7.2 ESP_Header Processing Figure 3 – Logical Model for Integrity and Confidentiality Protection with ESP_Header
43	4.7.3 CT_Authentication Processing
44	Figure 4 – Logical Model for Integrity and Confidentiality Protection with CT_Authentication
45	4.8 Authorization (Access Control) 4.8.1 Policy Definition 4.8.2 Policy Enforcement
46	4.8.3 Policy Distribution 4.8.4 Policy Check 4.9 Name Format Table 2 – Name Format
47	5 Authentication Protocols 5.1 Overview Figure 5 – A Generic Authentication Transaction
48	5.2 Authentication Messages Structure 5.2.1 Overview
49	5.2.2 SW_ILS Authentication Messages Table 3 – AUTH_ILS Message Format Table 4 – AUTH_ILS Flags
50	5.2.3 ELS Authentication Messages Table 5 – B_AUTH_ILS Message Format Table 6 – AUTH_ELS Message Format Table 7 – AUTH_ELS Flags
51	5.2.4 Fields Common to All AUTH Messages Table 8 – AUTH Message Codes
52	5.2.5 Vendor Specific Messages 5.3 Authentication Messages Common to Authentication Protocols 5.3.1 Overview Table 9 – Vendor Specific Message Payload Format
53	5.3.2 AUTH_Negotiate Message Table 10 – AUTH_Negotiate Message Payload
54	5.3.3 Names used in Authentication Table 11 – Authentication Protocol Identifiers Table 12 – AUTH_Negotiate Vendor Specific Protocol Parameters Table 13 – Names used in Authentication
55	5.3.4 Hash Functions 5.3.5 Diffie-Hellman Groups Table 14 – Hash Functions Identifiers Table 15 – Diffie-Hellman Group Identifiers (part 1 of 2)
56	5.3.6 Accepting an AUTH_Negotiate Message 5.3.7 AUTH_Reject Message Table 15 – Diffie-Hellman Group Identifiers (part 2 of 2)
57	Figure 6 – Example of AUTH_Reject Table 16 – AUTH_Reject Message Payload Table 17 – AUTH_Reject Reason Codes
58	Table 18 – AUTH_Reject Reason Code Explanations Table 19 – Error Conditions (part 1 of 2)
59	5.3.8 AUTH_Done Message Table 19 – Error Conditions (part 2 of 2)
60	5.4 DH-CHAP Protocol 5.4.1 Protocol Operations Figure 7 – A DH-CHAP Protocol Transaction Example
61	Table 20 – Mathematical Notation for DH-CHAP
62	5.4.2 AUTH_Negotiate DH-CHAP Parameters Table 21 – AUTH_Negotiate DH-CHAP Protocol Parameters Table 22 – AUTH_Negotiate DH-CHAP Parameter Format Table 23 – AUTH_Negotiate DH-CHAP Parameter Tags
63	5.4.3 DHCHAP_Challenge Message Table 24 – DHCHAP_Challenge Message Payload
64	5.4.4 DHCHAP_Reply Message
65	Table 25 – DHCHAP_Reply Message Payload
66	5.4.5 DHCHAP_Success Message Table 26 – DHCHAP_Success Message Payload
67	5.4.6 Key Generation for the Security Association Management Protocol 5.4.7 Reuse of Diffie-Hellman Exponential 5.4.8 DH-CHAP Security Considerations
69	5.5 FCAP Protocol 5.5.1 Protocol Operations Table 27 – Mathematical Notation for FCAP
70	Figure 8 – A FCAP Protocol Transaction Example
72	5.5.2 AUTH_Negotiate FCAP Parameters Table 28 – AUTH_Negotiate FCAP Protocol Parameters Table 29 – AUTH_Negotiate FCAP Parameter Format Table 30 – AUTH_Negotiate FCAP Parameter Tags
73	5.5.3 FCAP_Request Message Table 31 – FCAP_Request Message Payload
74	Table 32 – FCAP Certificate Format Table 33 – Certificate Formats Table 34 – FCAP usage of X.509v3 Certificate fields (part 1 of 2)
75	Table 34 – FCAP usage of X.509v3 Certificate fields (part 2 of 2)
76	5.5.4 FCAP_Acknowledge Message Table 35 – FCAP Nonce Format Table 36 – Nonce Formats Table 37 – FCAP_Acknowledge Message Payload
77	Table 38 – FCAP Signature Format Table 39 – Signature Formats
78	5.5.5 FCAP_Confirm Message 5.5.6 Key Generation for the Security Association Management Protocol Table 40 – FCAP_Confirm Message Payload
79	5.5.7 Reuse of Diffie-Hellman Exponential
80	5.6 FCPAP Protocol 5.6.1 Protocol Operations Table 41 – Mathematical Notation for FCPAP
81	Figure 9 – A FCPAP Protocol Transaction Example
83	5.6.2 AUTH_Negotiate FCPAP Parameters Table 42 – AUTH_Negotiate FCPAP Protocol Parameters Table 43 – AUTH_Negotiate FCPAP Parameter Format Table 44 – AUTH_Negotiate FCPAP Parameter Tags
84	5.6.3 FCPAP_Init Message Table 45 – FCPAP_Init Message Payload
85	5.6.4 FCPAP_Accept Message 5.6.5 FCPAP_Complete Message Table 46 – FCPAP_Accept Message Payload Table 47 – FCPAP_Complete Message Payload
86	5.6.6 Key Generation for the Security Association Management Protocol 5.6.7 Reuse of Diffie-Hellman Exponential
87	5.7 FCEAP Protocol 5.7.1 Protocol Operations 5.7.2 AUTH_Negotiate FCEAP Parameters Figure 10 – A FCEAP Protocol Transaction Example
88	5.7.3 FCEAP_Request Message 5.7.4 FCEAP_Response Message Table 48 – FCEAP_Request Message Payload Table 49 – FCEAP_Response Message Payload
89	5.7.5 FCEAP_Success Message 5.7.6 FCEAP_Failure Message Table 50 – FCEAP_Success Message Payload Table 51 – FCEAP_Failure Message Payload
90	5.7.7 AUTH_Reject Use 5.7.8 AUTH_ELS and AUTH_ILS Size Requirements Figure 11 – A Failing FCEAP Protocol Transaction Example
91	5.7.9 Supported EAP Methods 5.7.10 Key Generation for the Security Association Management Protocol Table 52 – Supported EAP Methods
92	5.8 AUTH_ILS Specification 5.8.1 Overview
93	5.8.2 AUTH_ILS Request Sequence Figure 12 – FC-2 AUTH_ILS Mapping Example for the E_Port to E_Port Case
94	5.8.3 AUTH_ILS Reply Sequence 5.9 B_AUTH_ILS Specification 5.9.1 Overview Table 53 – AUTH_ILS SW_RJT Reasons Table 54 – AUTH_ILS SW_ACC Payload
95	Figure 13 – Usage of B_AUTH_ILS
96	5.9.2 B_AUTH_ILS Request Sequence Figure 14 – FC-2 B_AUTH_ILS Mapping Example
97	5.9.3 B_AUTH_ILS Reply Sequence 5.10 AUTH_ELS Specification 5.10.1 Overview Table 55 – B_AUTH_ILS SW_RJT Reasons Table 56 – B_AUTH_ILS SW_ACC Payload
99	5.10.2 AUTH_ELS Request Sequence Figure 15 – FC-2 AUTH_ELS Mapping Example for the Nx_Port to Nx_Port Case
100	5.10.3 AUTH_ELS Reply Sequence 5.10.4 AUTH_ELS Fragmentation Table 57 – AUTH_ELS LS_RJT Reasons Table 58 – AUTH_ELS LS_ACC Payload
101	Figure 16 – AUTH_ELS Fragmentation Process
102	Figure 17 – Use of the Sequence Number Bit Example
103	Figure 18 – FC-2 Authentication Mapping with AUTH_ELS Fragmentation Example
104	5.10.5 Authentication and Login Table 59 – Security Bit Applicability Table 60 – Security Bit usage with FLOGI
105	5.11 Re-Authentication Table 61 – Security Bit usage with PLOGI Table 62 – Login LS_RJT Reasons
106	5.12 Timeouts
107	6 Security Association Management Protocol 6.1 Overview 6.1.1 General Figure 19 – An SA Management Transaction Example
108	Table 63 – IKE Payloads Summary
109	6.1.2 IKE_SA_Init Overview 6.1.3 IKE_Auth Overview
110	6.1.4 IKE_Create_Child_SA Overview 6.2 SA Management Messages 6.2.1 General Structure
111	6.2.2 IKE_Header Payload Table 64 – IKE_Header Payload Format
112	6.2.3 Chaining Header Table 65 – IKE Flags Table 66 – Chaining Header Format
113	Table 67 – IKE Payload Type Values
114	6.2.4 AUTH_Reject Message Use 6.3 IKE_SA_Init Message 6.3.1 Overview Table 68 – Chaining Flags
115	6.3.2 Security_Association Payload Figure 20 – An IKE_SA_Init exchange Table 69 – IKE_SA_Init Message Payload
117	Table 70 – Examples of Proposals
118	Table 71 – Security_Association Payload Format
119	Table 72 – Security Protocol Identifiers Table 73 – Transforms Definition
120	Table 74 – Transform Type Values
121	Table 75 – Encryption Algorithms Transform_IDs (Transform Type 1) Table 76 – Pseudo-random Functions Transform_IDs (Transform Type 2)
122	Table 77 – Integrity Algorithms Transform_IDs (Transform Type 3) Table 78 – Diffie-Hellman Group Transform_IDs (Transform Type 4)
123	Table 79 – Mandatory Transform Types Table 80 – Mandatory and Recommended Transform_IDs (part 1 of 2)
124	Table 80 – Mandatory and Recommended Transform_IDs (part 2 of 2)
125	Table 81 – Transform Attributes Definition Table 82 – Attribute Type Values
126	6.3.3 Key_Exchange Payload 6.3.4 Nonce Payload 6.4 IKE_Auth Message 6.4.1 Overview Table 83 – Key_Exchange Payload Format Table 84 – Nonce Payload Format
127	Figure 21 – An IKE_Auth exchange Table 85 – IKE_Auth Message Payload
128	6.4.2 Encrypted Payload Table 86 – IKE Payloads Contained in the IKE_Auth Message Table 87 – Encrypted Payload Format
129	6.4.3 Identification Payload Table 88 – Identification Payload Format Table 89 – Type Identifiers
130	6.4.4 Authentication Payload 6.4.5 Traffic Selector Payload Table 90 – Authentication Payload Format Table 91 – Authentication Methods Table 92 – Traffic Selector Payload Format
131	Table 93 – Traffic Selector Definition Table 94 – TS Type Identifiers
132	6.4.6 Certificate Payload Table 95 – Certificate Payload Format
133	6.4.7 Certificate Request Payload Table 96 – Certificate Encodings
134	Table 97 – Certificate Request Payload Format
135	6.5 IKE_Create_Child_SA Message Figure 22 – An IKE_Create_Child_SA exchange
136	6.6 IKE_Informational Message 6.6.1 Overview Table 98 – IKE_Create_Child_SA Message Payload Table 99 – IKE Payloads Contained in the IKE_Create_Child_SA Message
137	Figure 23 – An IKE_Informational exchange Table 100 – IKE_Informational Message Payload
138	6.6.2 Notify Payload Table 101 – IKE Payloads Contained in the IKE_Informational Message Table 102 – Notify Payload Format
139	Table 103 – Notify Message Types – Errors (part 1 of 2)
140	Table 103 – Notify Message Types – Errors (part 2 of 2)
141	6.6.3 Delete Payload Table 104 – Notify Message Types – Status
142	6.6.4 Vendor_ID Payload Table 105 – Delete Payload Format
143	6.7 Interaction with the Authentication Protocols 6.7.1 Overview 6.7.2 Concatenation of Authentication and SA Management Transactions Table 106 – Vendor_ID Payload Format
145	6.7.3 SA Management Transaction as Authentication Transaction Figure 24 – Concatenation of Authentication and SA Management Transactions
146	6.8 IKEv2 Protocol Details 6.8.1 Use of Retransmission Timers 6.8.2 Use of Sequence Numbers for Message_IDs Figure 25 – An IKEv2-AUTH Transaction
147	6.8.3 Overlapping Requests 6.8.4 State Synchronization and Connection Timeouts 6.8.5 Cookies and Anti-Clogging Protection 6.8.6 Cryptographic Algorithms Negotiation 6.8.7 Rekeying 6.8.8 Traffic Selector Negotiation
148	6.8.9 Nonces 6.8.10 Reuse of Diffie-Hellman Exponential 6.8.11 Generating Keying Material 6.8.12 Generating Keying Material for the IKE_SA 6.8.13 Authentication of the IKE_SA
149	6.8.14 Generating Keying Material for Child_SAs 6.8.15 Rekeying IKE_SAs using the IKE_Create_Child_SA exchange 6.8.16 IKE_Informational Messages outside of an IKE_SA 6.8.17 Error Handling 6.8.18 Conformance Requirements
150	6.8.19 Rekeying IKE_SAs when Refreshing Authentication
151	7 Fabric Policies 7.1 Policies Definition 7.1.1 Overview Figure 26 – Policy Data Structures
152	Table 107 – Policy Objects
153	7.1.2 Names used to define Policies Table 108 – Names used to define Policies
155	7.1.3 Policy Summary Object Table 109 – Policy Summary Object Format Table 110 – Object Flags
156	7.1.4 Switch Membership List Object Table 111 – Hash Field Format Table 112 – Hash Formats
157	Table 113 – Switch Membership List Object Format Table 114 – Object Flags
158	Table 115 – Switch Entry Field Format Table 116 – Basic Switch Attributes Format Table 117 – Switch Flags
160	Table 118 – Policy Data Role Table 119 – Authentication Behavior
161	7.1.5 Node Membership List Object Table 120 – Node Membership List Object Format
162	Table 121 – Node Entry Field Format Table 122 – Basic Node Attribute Format Table 123 – Node Flags
163	Table 124 – Common Transport Access Specifier Format Table 125 – CT Access Descriptor Format Table 126 – CT Access Flags
164	Table 127 – Examples of Common Transport Access Specifiers
165	7.1.6 Switch Connectivity Object Table 128 – Switch Connectivity Object Format
166	7.1.7 IP Management List Object Table 129 – Port Connectivity Entry Format
167	Table 130 – IP Management List Object Format Table 131 – IP Management Entry Format
168	Table 132 – Basic IP Management Attributes Format Table 133 – IP Management Flags Table 134 – Well Known Protocols Access Specifier Format Table 135 – WKP Access Descriptor Format
169	Table 136 – WKP Access Flags
170	7.1.8 Attribute Object Table 137 – Examples of Well Known Protocols Access Specifiers
171	Table 138 – Attribute Object Format Table 139 – Attribute Entry Format Table 140 – Attribute Formats
172	7.2 Policies Enforcement 7.2.1 Overview 7.2.2 Switch-to-Switch Connections Table 141 – Notation for Policy Enforcement
173	7.2.3 Switch-to-Node Connections
174	7.2.4 In-Band Management Access to a Switch
175	7.2.5 IP Management Access to a Switch
176	7.2.6 Direct Management Access to a Switch
177	7.2.7 Authentication Enforcement 7.3 Policies Management 7.3.1 Management Interface
178	Figure 27 – Policy Management Model Table 142 – Security Policy Server – Request Command Codes (part 1 of 2)
179	7.3.2 Fabric Distribution Table 142 – Security Policy Server – Request Command Codes (part 2 of 2) Table 143 – ESFC Operations for Fabric Policies Table 144 – ESFC Payload for Operation ‘Activate Policy Summary’
180	Table 145 – ESFC Payload for Operation ‘Deactivate Policy Summary’ Table 146 – ESFC Payload for Operation ‘Add Policy Object’
181	Table 147 – ESFC Payload for Operation ‘Remove Policy Object’ Table 148 – ESFC Payload for Operation ‘Remove All Non-Active Policy Objects’
182	7.3.3 Relationship between Security Policy Server Requests and Fabric Actions 7.3.4 Policy Objects Support Table 149 – Security Policy Server CT Requests and Fabric Actions
183	Table 150 – GPOS Request CT_IU Table 151 – Accept CT_IU to a GPOS Request
184	Table 152 – Fabric Policy Objects Support Flags Table 153 – Switch Policy Objects Support Entry Format
185	Table 154 – Switch Policy Objects Support Flags Table 155 – ESS Security Policy Server Capability Object Format
186	7.3.5 Optional Data Table 156 – Optional Data Field Format Table 157 – Security Object Format Table 158 – Security Object Tags
187	7.3.6 Detailed Management Specification Table 159 – Vendor Specific Security Object Payload Format Table 160 – GPS Request CT_IU Table 161 – Accept CT_IU to a GPS Request
188	Table 162 – APS Request CT_IU Table 163 – Accept CT_IU to an APS Request
189	Table 164 – DPS Request CT_IU Table 165 – Accept CT_IU to a DPS Request Table 166 – GPO Request CT_IU
190	Table 167 – Accept CT_IU to a GPO Request Table 168 – GALN Request CT_IU
191	Table 169 – Accept CT_IU to a GALN Request Table 170 – GAAO Request CT_IU
192	Table 171 – Accept CT_IU to a GAAO Request Table 172 – APO Request CT_IU
193	Table 173 – Accept CT_IU to an APO Request Table 174 – RPO Request CT_IU
194	Table 175 – Accept CT_IU to a RPO Request Table 176 – RANA Request CT_IU
195	7.4 Policies Check 7.4.1 Overview 7.4.2 CPS Request Sequence Table 177 – Accept CT_IU to a RANA Request Table 178 – Check Policy Summary SW_ILS Request Payload
196	7.4.3 CPS Reply Sequence 7.5 Policy Summation ELSs 7.5.1 Overview 7.5.2 Fabric Change Notification Specification Table 179 – Check Policy Summary SW_RJT Reasons Table 180 – Check Policy Summary SW_ACC Payload
197	7.6 Zoning Policies 7.6.1 Overview 7.6.2 Management Requests
198	Table 181 – Fabric Enhanced Zoning Support Flags Additions Table 183 – Fabric Enhanced Zoning Request Flags Additions
199	Table 184 – SPCMIT Request Payload
200	7.6.3 Fabric Operations Table 185 – SPCMIT Accept Payload Table 186 – ESS Zone Server Support Flags Additions
201	Table 187 – Zoning Check Protocol SW_ILS Request Payload Table 188 – Zoning Check Protocol SW_RJT Reasons
202	Table 189 – Zoning Check Protocol SW_ACC Payload Table 190 – Additional SFC Operation Request Codes
203	Table 191 – Payload for the Operation Request ‘FC-SP Activate Zone Set Enhanced’
204	Table 192 – Payload for the Operation Request ‘FC-SP Deactivate Zone Set Enhanced’ Table 193 – Payload for the Operation Request ‘FC-SP Distribute Zone Set Database’
205	Table 194 – Payload for the Operation Request ‘FC-SP Activate Zone Set by Name’ Table 195 – Payload for the Operation Request ‘FC-SP Set Zoning Policies’
206	7.6.4 Zoning Ordering Rules
207	7.6.5 The Client-Server Protocol
208	Table 196 – Zone Information Request SW_ILS Request Payload
209	Table 197 – Zone Information Request SW_RJT Reasons Table 198 – Zone Information Request SW_ACC Payload
210	8 Combinations of Security Protocols 8.1 Entity Authentication Overview 8.2 Terminology
211	8.3 Scope of Security Relationships 8.3.1 N_Port_ID Virtualization 8.3.2 Nx_Port Entity to a Fabric Entity Figure 28 – Entity Authentication Standard Perspective
212	8.3.3 Nx_Port Entity to Nx_Port Entity 8.4 Entity Authentication Model
213	Figure 29 – Entity Authentication Model for an Nx_Port (Informative)
214	8.5 Abstract Services for Entity Authentication 8.5.1 Overview 8.5.2 Authentication Service
215	8.5.3 Security Service 8.5.4 FC-2 Service
220	8.6 Nx_Port to Fabric Authentication (NFA) State Machine 8.6.1 Overview
221	8.6.2 NFA States Figure 30 – NFA State Machine
222	8.6.3 NFA Events 8.6.4 NFA Transitions
228	8.7 Fabric from Nx_Port Authentication (FNA) State Machine 8.7.1 Overview
229	8.7.2 FNA States Figure 31 – FNA State Machine
230	8.7.3 FNA Events 8.7.4 FNA Transitions
238	8.8 Nx_Port to Nx_Port Authentication (NNA) State Machine 8.8.1 Overview
239	8.8.2 NNA States Figure 32 – NNA State Machine
240	8.8.3 NNA Events 8.8.4 NNA Transitions
247	8.9 Additional Security State Machines 8.9.1 E_Port to E_Port Security Checks Figure 33 – State P17:Security Checks
248	8.9.2 B_Port Security Checks 8.9.3 Switch Security Checks with Virtual Fabrics
249	Figure 34 – State P24(k):Security Checks
250	8.9.4 N_Port Security Checks with Virtual Fabrics 8.10 Impact on Other Standards
251	Annex A: FC-SP-2 Compliance Summary (normative) A.1 Compliance Elements A.1.1 Overview Table A.1 – FC-SP-2 Authentication Compliance Elements Table A.2 – FC-SP-2 SA Management Compliance Elements Table A.3 – FC-SP-2 Policy Compliance Elements
252	A.1.2 FC-SP-2 Compliance A.1.3 Conventions Table A.4 – Feature Set table terms and definitions Table A.5 – Feature Set table key abbreviations
253	A.2 Authentication Compliance Elements A.2.1 AUTH-A Table A.6 – Authentication Protocols Support for AUTH-A Table A.7 – AUTH Messages Support for AUTH-A Table A.8 – Hash Functions Support for AUTH-A Table A.9 – DH Groups Support for AUTH-A
254	A.2.2 AUTH-B1 Table A.10 – Authentication Protocols Support for AUTH-B1 Table A.11 – AUTH Messages Support for AUTH-B1 Table A.12 – Hash Functions Support for AUTH-B1 Table A.13 – DH Groups Support for AUTH-B1
255	A.2.3 AUTH-B2 Table A.14 – Authentication Protocols Support for AUTH-B2 Table A.15 – AUTH Messages Support for AUTH-B2 Table A.16 – Hash Functions Support for AUTH-B2 Table A.17 – DH Groups Support for AUTH-B2
256	A.2.4 AUTH-B3 Table A.18 – Authentication Protocols Support for AUTH-B3 Table A.19 – AUTH Messages Support for AUTH-B3 Table A.20 – Hash Functions Support for AUTH-B3 Table A.21 – DH Groups Support for AUTH-B3
257	A.3 SA Management Compliance Elements A.3.1 Algorithms Support Table A.22 – Security Protocols Support Table A.23 – Encryption Algorithms Support Table A.24 – Pseudo Random Functions Support
258	Table A.25 – Integrity Algorithms Support Table A.26 – SA Management DH Groups Support
259	A.3.2 SA-A Table A.27 – SA Management Protocol Support for SA-A Table A.28 – AUTH Messages Support for SA-A Table A.29 – IKEv2 Payloads Support for SA-A
260	A.3.3 SA-B Table A.29 – IKEv2 Payloads Support for SA-A Table A.30 – SA Management Protocol Support for SA-B
261	Table A.31 – AUTH Messages Support for SA-B Table A.32 – Authentication Hash Functions Support for SA-B Table A.33 – Authentication DH Groups Support for SA-B Table A.34 – IKEv2 Payloads Support for SA-B (part 1 of 2)
262	Table A.34 – IKEv2 Payloads Support for SA-B (part 2 of 2)
263	A.3.4 SA-C1 Table A.35 – SA Management Protocol Support for SA-C1 Table A.36 – AUTH Messages Support for SA-C1 Table A.37 – Authentication Hash Functions Support for SA-C1
264	Table A.38 – Authentication DH Groups Support for SA-C1 Table A.39 – IKEv2 Payloads Support for SA-C1
265	A.3.5 SA-C2 Table A.40 – SA Management Protocol Support for SA-C2 Table A.41 – AUTH Messages Support for SA-C2 Table A.42 – Authentication Hash Functions Support for SA-C2
266	Table A.43 – Authentication DH Groups Support for SA-C2 Table A.44 – IKEv2 Payloads Support for SA-C2
267	A.3.6 SA-C3 Table A.45 – SA Management Protocol Support for SA-C3 Table A.46 – AUTH Messages Support for SA-C3 Table A.47 – Authentication Hash Functions Support for SA-C3
268	Table A.48 – Authentication DH Groups Support for SA-C3 Table A.49 – IKEv2 Payloads Support for SA-C3
269	A.4 Policy Compliance Elements A.4.1 POL-A1 Table A.50 – Protocols Support for POL-A1 Table A.51 – Policy Objects Support for POL-A1 Table A.52 – Switch Flags Support for POL-A1
270	A.4.2 POL-A2 Table A.53 – Security Policy Server Support for POL-A1 Table A.54 – EUFC Operations Support for POL-A1 Table A.55 – Protocols Support for POL-A2
271	A.4.3 POL-A3 Table A.56 – Policy Objects Support for POL-A2 Table A.57 – Security Policy Server Support for POL-A2 Table A.58 – EUFC Operations Support for POL-A2 Table A.59 – Protocols Support for POL-A3
272	A.4.4 POL-B3 Table A.60 – Protocols Support for POL-B3 Table A.61 – Policy Objects Support for POL-B3 Table A.62 – Switch Flags Support for POL-B3
273	Table A.63 – Security Policy Server Support for POL-B3 Table A.64 – EUFC Operations Support for POL-B3
274	Annex B: KMIP Profile for FC-SP-2 EAP-GPSK (Normative) B.1 Overview B.2 General B.3 KMIP profile specification B.3.1 FC-SP-2 EAP-GPSK Profile B.3.2 FC-SP-2 EAP-GPSK Authentication Suite B.3.2.1 Protocol
275	B.3.2.2 Client Authenticity B.3.2.3 Client Identity B.3.2.4 Object Creator B.3.2.5 Access Policy
276	B.3.3 FC-SP-2 EAP/GPSK Key Foundry and Server Conformance Clause
278	Annex C: Random Number Generation and Secret Storage (informative) C.1 Random Number Generator C.2 Secret Storage
279	Annex D: RADIUS Deployment (informative) D.1 Overview D.2 RADIUS Servers D.2.1 Overview
280	D.2.2 Digest Algorithm D.3 RADIUS Messages D.3.1 Message Types Table D.1 – RADIUS Message Format Table D.2 – RADIUS Message Codes
281	D.3.2 Radius Attributes D.3.2.1 User-Name Table D.3 – User-Name Attribute
282	Table D.4 – Binary to UTF-8 Transformation
283	D.3.2.2 CHAP-Password D.3.2.3 CHAP-Challenge Table D.5 – CHAP-Password Attribute
284	D.4 RADIUS Authentication D.4.1 RADIUS Authentication Method Table D.6 – CHAP-Challenge Attribute
285	D.4.2 RADIUS Authentication with NULL DH algorithm Table D.7 – Mathematical Notation for RADIUS Authentication
286	Figure D.1 – Unidirectional Authentication with RADIUS
287	D.4.3 Bidirectional Authentication with RADIUS Figure D.2 – Bidirectional Authentication with RADIUS
288	D.4.4 RADIUS Authentication with DH option
289	Figure D.3 – DH-CHAP Authentication with RADIUS
290	Annex E: Examples of Proposals Negotiation for the SA Management Protocol (informative)
291	Annex F: Guidelines for Mapping Access Control Requirements to Fabric Policies (informative)
292	Annex G: Pre FC-SP-2 Fabric Policy Implementations (informative) G.1 Overview G.2 Fabric Management Policy Set G.2.1 Fabric Management Policy Set Overview G.2.2 FMPS Hierarchy Model G.2.3 Policy Description
293	G.2.4 Policy Distribution G.2.5 Signature, Version Stamp, and Timestamp
294	G.2.6 FMPS Object Structure G.2.7 Fabric Initialization And Fabric Join Procedures G.2.7.1 Overview
295	G.2.7.2 Protocol Requirements G.2.7.3 Fabric Initialization Process
296	G.2.7.4 Fabric Join G.2.7.5 Full Database Distribution During Initialization and Joining Process G.2.7.6 Database Distribution Request from an administrator
297	G.2.8 FMPS Payload Format G.2.8.1 General Download Request Format
298	Table G.1 – Security Request Payload Table G.2 – Security Command Code
299	G.2.8.2 Certificate Download Request Table G.3 – Version Stamp Format Table G.4 – Certificate Download Object
300	G.2.8.3 Security Policy Download Request G.2.8.4 Security Policy Set Object Table G.5 – Security Policy Set Object
301	G.2.8.5 Security Policy Object Table G.6 – Security Policy Object Table G.7 – Type Value
302	G.2.8.6 Policy Member Object Table G.8 – Policy Type Value Table G.9 – Policy Member Object
303	G.2.8.7 Zone Set Object Structure G.2.8.8 General Download Accept Format Table G.10 – Member Type Value Table G.11 – Download Accept Payload Format
304	G.3 Fabric Binding G.3.1 Fabric Binding Overview Table G.12 – Request Response Code values Table G.13 – Request Reason Code values
305	G.3.2 Joining Switches G.3.3 Managing User-Initiated Change Requests G.3.4 Fabric Binding Objects G.3.4.1 Fabric Binding Membership List Entry G.3.5 Fabric Binding Commands Table G.14 – Fabric Binding Membership List Entry
306	G.3.6 Exchange Fabric Membership Data (EFMD) G.3.6.1 Overview G.3.6.2 EFMD Request Payload Table G.15 – Fabric Configuration Data Requests Table G.16 – EFMD Request Payload
307	G.3.6.3 Fabric Membership Data Exchange Rules Table G.17 – Operation Field Values Table G.18 – Fabric Binding Operation Membership Data
308	G.3.6.4 EFMD Accept Payload G.3.7 Exchange Security Attributes (ESA) G.3.7.1 Overview Table G.19 – EFMD Accept Payload Table G.20 – EFMD Reason Codes Additions
309	G.3.7.2 ESA Request Payload G.3.7.3 Enforced Security Attribute Object G.3.7.4 Use of Enforced Security Attribute and Required Security Attribute Mask Table G.21 – ESA Request Payload
310	G.3.7.5 Extended Security Attribute Object G.3.7.6 Use of Extended Security Attribute and Required Extended Security Attribute Mask G.3.7.7 ESA Accept Payload G.3.8 Query Security Attributes (QSA) Version 1 G.3.8.1 Overview Table G.22 – ESA Accept Payload
311	G.3.8.2 QSA Version 1 Request Payload G.3.8.3 QSA Version 1 Accept Payload Table G.23 – QSA Request Payload

Additional information

Status	Definitive
Pages	312
Publication Date	2024-08-16
ISBN	978 0 539 05916 8
Standard Number	BS ISO/IEC 14165-432:2022
Title	Information technology. Fibre channel – Security Protocols. 2 (FC-SP-2)
Identical National Standard Of	IEC 14165-432 Ed.1.0
Descriptors	Information technology, Fibres, Security, Authentication, Fabrics
Publisher	BSI
Committee	TCT/7
ICS Codes	35.200 - Interface and interconnection equipment

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BS ISO/IEC 14165-432:2022:2024 Edition

PDF Catalog

Related products