
RE: [LinkSec] linksec roadmap





> give the bad player the new key too.  In a sizable group, this can take quite a long time.

Not necessarily ... existing cable and satellite distribution systems provide fairly rapid updates of 'group keys' to millions of users.


> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: Tuesday, December 10, 2002 11:14 AM
> To: Dennis Volpano
> Cc: stds-802-linksec@ieee.org
> Subject: Re: [LinkSec] linksec roadmap
> 
> 
> 
> Dennis:
> 
> One problem with an architecture like this is removing a bad player.  It forces you to change the key that everyone is using, taking care to not give the bad player the new key too.  In a sizable group, this can take quite a long time.
> 
> Russ
> 
> At 10:59 AM 12/10/2002 -0800, Dennis Volpano wrote:
> 
> 
> >On Tue, 10 Dec 2002, Marcus Leech wrote:
> >
> > > The roadmap had me somewhat confused, and maybe it's because I don't really understand what the *application space* of VLANs is.  But it seems to me that a LAN segment with a group-shared key suffers from the same problems as a completely unsecured LAN segment--I can spy on my neighbours, and forge traffic.  Having a single key that is shared among 500 of my nearest and dearest is like having no key at all.  Granted, I won't be able to forge traffic on a *different* VLAN, but that's only slightly better than nothing at all.  But maybe that's not what Dennis intended?
> > >
> >
> >In my trust model, group members trust each other because the group is a "security group", in the sense that it requires authentication to join.  Once the group leader has taken the steps needed to be convinced that a station and perhaps its user is trustworthy, it may admit the station, depending on whether the station is authorized to join.
> >
> >Granted, a station may misbehave after being given membership, in which case group members are at *some* risk.  Precisely, they need only be at risk with respect to link layer integrity because stations can still take other steps at upper layers to protect privacy if they wish.  Limiting the consequences of the misbehavior to the group is the best one can do.
> >
> >Dennis
> >
> > >
> > > --
> > > ----------------------------------------------------------------------
> > > Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
> > > Advisor                                  Phone: (ESN) 393-9145  +1 613 763 9145
> > > Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 9435
> > > Nortel Networks                          mleech@nortelnetworks.com
> > > -----------------Expressed opinions are my own, not my employer's------
> > >
> 
>
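The eviction cost the thread argues about, worked as an added example that is not part of this discussion: with a logical key hierarchy (LKH) the group leader can exclude one member from a group of n by sending about 2*log2(n) wrapped-key messages instead of one per surviving member. The binary tree layout, the message model (wrapping is counted, not performed) and the power-of-two group size are assumptions of this demo.

```python
import math
import os

class LKHGroup:
    """Logical key hierarchy (LKH): members sit at the leaves of a complete
    binary tree and each holds every key on the path from its leaf to the root.
    Node i has children 2i+1 and 2i+2; node 0's key is the group key.  Wrapping
    is modelled as a (node, under_node) message, since the point is the count."""

    def __init__(self, n_members):
        assert n_members & (n_members - 1) == 0, "demo assumes a power-of-two group"
        self.depth = int(math.log2(n_members))
        self.first_leaf = 2 ** self.depth - 1
        self.keys = [os.urandom(16) for _ in range(2 * n_members - 1)]
        self.replaced = set()  # nodes whose key changed in the latest eviction

    def path(self, member):
        """Tree nodes from the member's leaf up to and including the root."""
        node = self.first_leaf + member
        nodes = [node]
        while node > 0:
            node = (node - 1) // 2
            nodes.append(node)
        return nodes

    def evict(self, bad):
        """Replace every key the evicted member knew except its own leaf key, parent
        first, and return rekey messages (new_key_node, wrapped_under_node)."""
        path = self.path(bad)
        self.replaced = set(path[1:])
        messages = []
        for node in path[1:]:
            self.keys[node] = os.urandom(16)
            for child in (2 * node + 1, 2 * node + 2):
                if child != path[0]:  # never wrap under the evicted leaf's key
                    messages.append((node, child))
        return messages  # 2*depth - 1 messages, roughly 2*log2(n)

    def can_recover_root(self, member, messages):
        """From the path keys that were not replaced, unwrap every message whose
        wrapping key is held, until nothing new is learned."""
        known = {n for n in self.path(member) if n not in self.replaced}
        while True:
            learned = {new for new, under in messages if under in known}
            if learned <= known:
                return 0 in known
            known |= learned

def flat_rekey_messages(n_members):
    return n_members - 1  # flat scheme from the thread: one wrap per surviving member
```

For a 1024-member group the eviction costs 19 messages against 1023 for the flat scheme, and `can_recover_root` confirms that every remaining member can still reach the new group key while the evicted one cannot.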