From: Christoph Hellwig <hch@lst.de>
Date: Thu, 7 Jul 2022 16:07:06 +0000 (+0200)
Subject: separate general requirement from specific NVMe/TCP requirement
X-Git-Tag: draft-hellwig-nfsv4-scsi-layout-nvme-03~2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=401a23516a14642c598868cac7bb96f88c115f47;p=users%2Fhch%2Fscsi-layout-nvme.git

separate general requirement from specific NVMe/TCP requirement

From David Black
---

diff --git a/scsi_nvme_middle.xml b/scsi_nvme_middle.xml
index 82b9fc7..f140bcf 100644
--- a/scsi_nvme_middle.xml
+++ b/scsi_nvme_middle.xml
@@ -249,10 +249,14 @@
   <t>
     It is the responsibility of those administering and deploying
     pNFS with an NVMe layout to ensure that appropriate protection is
-    deployed to that protocol. When using IP-based storage protocols
-    such as NVMe on TCP, TLS <xref target="RFC8446" /> SHOULD be used
-    as outlined in <xref target="NVME-TCP" /> to protect traffic between
-    pNFS clients and NVMe storage devices.
+    deployed to that protocol.
+    When using IP-based storage protocols such as NVMe over TCP, data
+    confidentiality and integrity SHOULD be provided for traffic between
+    pNFS clients and NVMe storage devices by using a secure communication
+    protocol such as TLS  <xref target="RFC8446" />.  For NVMe over TCP,
+    TLS SHOULD be used as described in <xref target="NVME-TCP" /> to
+    protect traffic between pNFS clients and NVMe namespaces used as
+    storage devices.
   </t>
   <t>
     Physical security is a common means for protocols not based on IP.