Re: [STDS-802-11-TGAK] 802.11ak - Encryption of EPD formated frames
>>If you are talking about 802.1AE between those bridge ports, the bridge ports can do whatever they want. There is no reason for the STA to know anything >>about it. If the bridge ports apply 802.1AE, the payload will simply start with an 802.1AE tag.
Meaning 2 crypto engines...
Eventually in an unified LAN bridged network when all wireless links will be 11ak EDP and the encryption engine AES GCM (notice that 11.ad crypto is AES GCM (and not AES CCMP) and this crypto will be applicable to earlier versions as well) should we be forced to retain both 801.AE AND 802.11i ?
/Ph
-----Original Message-----
From: Donald Eastlake [mailto:d3e3e3@xxxxxxxxx]
Sent: Thursday, January 22, 2015 5:43 PM
To: Philippe Klein
Cc: TGak
Subject: Re: [STDS-802-11-TGAK] 802.11ak - Encryption of EPD formated frames
Hi Philippe,
?
A GLK STA provides an ISS interface to what is assumed to be a local bridge port for each other GLK STA it is talking to.
If you are talking about 802.1AE between those bridge ports, the bridge ports can do whatever they want. There is no reason for the STA to know anything about it. If the bridge ports apply 802.1AE, the payload will simply start with an 802.1AE tag. Conceivably we might need to do something so that the bridge ports can conveniently talk 802.1X across the 802.11 hop but I don't think so. I think it will just work.
If you are talking about changing STAs to use 802.1AE, I don't understand why. 802.11 provides excellent robust and essentially universally deployed security. Why muck with it?
Thanks,
Donald
=============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA d3e3e3@xxxxxxxxx
On Thu, Jan 22, 2015 at 12:28 AM, Philippe Klein <philippe@xxxxxxxxxxxx> wrote:
> The current P802.11ak_D0.06 draft version does not mention any
> requirement in regard to the encryption of EPD formatted frames.
>
>
>
> I suggest we add a requirement that EPD formatted frames must be
> encrypted in a way compatible with IEEE 802.1AE (MACsec) as the
> 802.3/Ethernet frames are (notice that 802.11ad crypto mode is
> AES-GCM, the same crypto mode that the default Cypher Suite of 802.1AE).
>
>
>
> If you agree I will post a contribution that could be discuss next
> Monday during the conf call.
>
> Thank you
>
>
>
> /Philippe
>
>
>
> Philippe Klein, PhD |Technical Director, Broadband Technology Group
>
> Broadcom Corporation | Golan House, P.O.Box 273, Airport City, 70100
> Israel
>
> (M) +972 54 313 4500 | philippe@xxxxxxxxxxxx
>
>
>
> ______________________________________________________________________
> _________
>
> IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your
> request to this CLOSED reflector. We use this valuable tool to
> communicate on the issues at hand.
>
> SELF SERVICE OPTION: Point your Browser to -
> http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAK and then
> amend your subscription on the form provided. If you require removal
> from the reflector press the LEAVE button.
>
> Further information can be found at:
> http://www.ieee802.org/11/Email_Subscribe.html
> ______________________________________________________________________
> _________
_______________________________________________________________________________
IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this
CLOSED reflector. We use this valuable tool to communicate on the issues at hand.
SELF SERVICE OPTION:
Point your Browser to - http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAK and
then amend your subscription on the form provided. If you require removal from the reflector
press the LEAVE button.
Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html
_______________________________________________________________________________