Re: [LinkSec] linksec roadmap
Dennis Volpano wrote:
>
> In my trust model, group members trust each other because the group is
> a "security group", in the sense that it requires authentication to join.
> Once the group leader has taken the steps needed to be convinced
> that a station and perhaps its user is trustworthy, it may admit the
> station, depending on whether the station is authorized to join.
>
> Granted, a station may misbehave after being given membership, in
> which case group members are at *some* risk. Precisely, they need only
> be at risk with respect to link layer integrity because stations can still
> take other steps at upper layers to protect privacy if they wish. Limiting
> the consequences of the misbehavior to the group is the best one can do.
>
> Dennis
>
This sounds rather like what the MSEC WG in the IETF is trying to accomplish.
I don't think that this type of scenario is useful at L2. This behaviour is
very useful for higher-layer apps, like conferencing, etc. That is where MSEC
will be useful, once it solves some of the hairy, hairy, hairy group key management
problems. I don't think that this hair belongs in L2.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Advisor Phone: (ESN) 393-9145 +1 613 763 9145
Security Architecture and Planning Fax: (ESN) 393-9435 +1 613 763 9435
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------