
Re: [LinkSec] linksec roadmap




At 02:02 PM 12/10/2002 -0500, Marcus Leech wrote:

> > In my trust model, group members trust each other because the group is
> > a "security group", in the sense that it requires authentication to join.
> > Once the group leader has taken the steps needed to be convinced
> > that a station and perhaps its user is trustworthy, it may admit the
> > station, depending on whether the station is authorized to join.
> >
> > Granted, a station may misbehave after being given membership, in
> > which case group members are at *some* risk.  Precisely, they need only
> > be at risk with respect to link layer integrity because stations can still
> > take other steps at upper layers to protect privacy if they wish.  Limiting
> > the consequences of the misbehavior to the group is the best one can do.
>
>This sounds rather like what the MSEC WG in the IETF is trying to accomplish.
>   I don't think that this type of scenario is useful at L2.  This behaviour is
>   very useful for higher-layer apps, like conferencing, etc.  That is where MSEC
>   will be useful, once it solves some of the hairy, hairy, hairy group key management
>   problems.  I don't think that this hair belongs in L2.

There might be *ONE* scenario that fits this.  Norm Finn talked about it at 
the last Plenary:

Consider a real ethernet with 2 bridges.  The stations really do not know 
or care which bridge handles their frames.  They have to be authenticated 
to both.

There are probably other scenarios like this.


Robert Moskowitz
Senior Technical Director
ICSA Labs
	(248) 968-9809
Fax:	(248) 968-2824
rgm@trusecure.com

There's no limit to what can be accomplished
if it doesn't matter who gets the credit