
Re: [STDS-802-11-TGAK] 802.11ak - Encryption of EPD formated frames



Hi Philippe,

On Fri, Jan 23, 2015 at 8:20 AM, Philippe Klein <philippe@xxxxxxxxxxxx> wrote:
> Hi Adrian,
> I first agree with you that key management is the issue rather than
> encryption in secured networks but I am not following you on the 2 separate
> networks independently managed in the case of wired/wireless GLK bridged
> networks. It is quite critical that such a network is part of the same
> infrastructure and must be key manageable from the same management protocol
> but I do not see what prevents using 802.1X for both wired and wireless
> links.

802.11i claims to use 802.1X and, in any case, both 802.11i and 802.1X
use EAP (Extensible Authentication Protocol). (Possibly 802.11w does
also but I'm not sure.) So, while I haven't done a detailed study, I
don't see why they couldn't both use the same EAP method for key
agreement including, possibly, the same certificates.

> My initial mail was more focused on the encryption format to **eventually**
> allow encrypted EPD frames to be transparently bridged by the
> bridges connected by a GLK link...

I find your use of "transparently bridged" a bit odd. Either we are
talking about link security, in which case the formats, etc., don't
leak off the local link, or we are talking about some sort of
end-to-end or edge-to-edge security, in which case whatever format is
being used is transparently tunneled through...

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@xxxxxxxxx

> Sincerely /Ph
>
> Sent from my iPhone
>
> On Jan 23, 2015, at 2:33, "Stephens, Adrian P" <Adrian.P.Stephens@xxxxxxxxx>
> wrote:
>
> Hello Philippe,
>
>
>
> I personally don’t think encryption is the central issue. The big deal, to
> me, is key management, which is often the weakness in any system of
> security. Trying to merge 802.11 credential management (which focusses on
> ease of use, user interface & presentation, automatic provisioning of
> credentials from operators) with the wired infrastructure credential
> management seems to me like something too hard to consider.
>
>
>
> In my mind we have distinct types of network, managed by distinct operators
> with very different infrastructure.
>
>
>
> Best Regards,
>
>
>
> Adrian P STEPHENS
>
>
>
> Tel: +44 (1793) 404825 (office)
> Tel: +1 (971) 330 6025 (mobile) <- please note new number
>
>
>
> ----------------------------------------------
> Intel Corporation (UK) Limited
> Registered No. 1134945 (England)
> Registered Office: Pipers Way, Swindon SN3 1RJ
> VAT No: 860 2173 47
>
>
>
> From: Philippe Klein [mailto:philippe@xxxxxxxxxxxx]
> Sent: 22 January 2015 21:05
> To: STDS-802-11-TGAK@xxxxxxxxxxxxxxxxx
> Subject: Re: [STDS-802-11-TGAK] 802.11ak - Encryption of EPD formated frames
>
>
>
> Hi Dan,
>
> I understand it is the case today but as EPD mode is a totally “new” format
> for 802.11 should we try to unify it as much as possible with the Ethernet
> format including the encrypted frame format? This was the initial sense of my
> question …
>
>
>
> /Ph
>
>
>
> From: Dan Harkins [mailto:dharkins@xxxxxxxxxxxxxxxxx]
> Sent: Thursday, January 22, 2015 10:59 PM
> To: Philippe Klein; STDS-802-11-TGAK@xxxxxxxxxxxxxxxxx
> Subject: Re: [STDS-802-11-TGAK] 802.11ak - Encryption of EPD formated frames
>
>
>
>
>
>   Hi Philippe,
>
>
>
> On 1/21/15 9:28 PM, "Philippe Klein" <philippe@xxxxxxxxxxxx> wrote:
>
>
>
> The current P802.11ak_D0.06 draft version does not mention any requirement
> in regard to the encryption of EPD formatted frames.
>
>
>
> I suggest we add a requirement that EPD formatted frames must be encrypted
> in a way compatible with IEEE 802.1AE (MACsec) as the 802.3/Ethernet frames
> are (notice that 802.11ad crypto mode is AES-GCM, the same crypto mode as
> the default Cipher Suite of 802.1AE).
>
>
>
>   While the cipher mode is the same the format of the frames and the
> location of the AAD passed to AES-GCM is different. I think if it's an
> 802.11 frame it should be protected the way the 802.11 standard specifies.
>
>
>
>   regards,
>
>
>
>   Dan.
>
>
>
> If you agree I will post a contribution that could be discussed next Monday
> during the conf call.
>
> Thank you
>
>
>
> /Philippe
>
>
>
> Philippe Klein, PhD |Technical Director, Broadband Technology Group
>
> Broadcom Corporation | Golan House, P.O.Box 273, Airport City, 70100 Israel
>
> (M) +972 54 313 4500 | philippe@xxxxxxxxxxxx
>
>
>
> _______________________________________________________________________________
>
> IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your
> request to this CLOSED reflector. We use this valuable tool to communicate
> on the issues at hand.
>
> SELF SERVICE OPTION: Point your Browser to -
> http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAK and then amend
> your subscription on the form provided. If you require removal from the
> reflector press the LEAVE button.
>
> Further information can be found at:
> http://www.ieee802.org/11/Email_Subscribe.html
> _______________________________________________________________________________
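The point quoted in this thread, that 802.1AE and 802.11 share AES-GCM but differ in frame format and in what is passed as AAD, can be shown with a short added example that is not part of the original messages. The AAD and nonce layouts are simplified renderings of MACsec (DA, SA, SecTAG; SCI plus PN) and GCMP (masked header fields; A2 plus PN), and every key, address and field value is constructed.

```javascript
// Added illustration: same key, same cipher (AES-128-GCM), same payload,
// but MACsec-style and GCMP-style AAD/nonce construction. Values are constructed.
const crypto = require('crypto');

const key = Buffer.alloc(16, 0x11);               // constructed test key
const da = Buffer.from('020000000001', 'hex');    // constructed addresses
const sa = Buffer.from('020000000002', 'hex');
const bssid = Buffer.from('020000000003', 'hex');
const msdu = Buffer.from('88b500000000cafe', 'hex'); // EtherType + payload (EPD style)

// 802.1AE style: AAD = DA | SA | SecTAG, IV = SCI(8) | PN(4)
function macsecInputs(pn) {
  const sci = Buffer.concat([sa, Buffer.from('0001', 'hex')]);
  const pnBuf = Buffer.alloc(4);
  pnBuf.writeUInt32BE(pn);
  const secTag = Buffer.concat([Buffer.from('88e52c00', 'hex'), pnBuf, sci]);
  return { iv: Buffer.concat([sci, pnBuf]), aad: Buffer.concat([da, sa, secTag]) };
}

// 802.11 GCMP style: AAD = Frame Control | A1 | A2 | A3 | Sequence Control
// (mutable bits assumed already masked), nonce = A2 | PN(6)
function gcmpInputs(pn) {
  const pnBuf = Buffer.alloc(6);
  pnBuf.writeUIntBE(pn, 0, 6);
  const fc = Buffer.from('0841', 'hex');          // data frame, ToDS, Protected
  const sc = Buffer.from('0000', 'hex');
  return { iv: Buffer.concat([sa, pnBuf]), aad: Buffer.concat([fc, bssid, sa, da, sc]) };
}

function seal({ iv, aad }, plaintext) {
  const c = crypto.createCipheriv('aes-128-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the GCM tag does not verify.
function unseal({ iv, aad }, { ct, tag }) {
  const d = crypto.createDecipheriv('aes-128-gcm', key, iv);
  d.setAAD(aad);
  d.setAuthTag(tag);
  try { return Buffer.concat([d.update(ct), d.final()]); } catch { return null; }
}

const viaMacsec = seal(macsecInputs(1), msdu);
const viaGcmp = seal(gcmpInputs(1), msdu);
console.log('MACsec round trip ok:', unseal(macsecInputs(1), viaMacsec).equals(msdu));
console.log('GCMP frame under MACsec inputs:', unseal(macsecInputs(1), viaGcmp));
```

A bridge that wanted to forward the protected frame unchanged would therefore need the receiver to rebuild the sender's exact AAD and nonce, which is a frame-format question rather than a cipher question.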