RE: [LinkSec] Requirements
Paul:
A nice enough list to start the conversation. Here is some feedback.
> My preliminary view of requirements.
>
> Paul
>
-- snip --
> 2) Layering
> a) Be applicable to multiple 802 MAC protocols
To me this implies that protection for MAC-specific control messages is out
of scope, since by definition MAC-specific messages do not run within
different MACs. Is that your intent?
-- snip --
> d) Protect broadcast/multicast traffic and protocols
What kind of broadcast/multicast protection do you have in mind? Clearly it
is not economically feasible to solve the general problem with
public/private key techniques, but it is not technically feasible to use
symmetric keys to provide much more than a veneer without the additional
assumption that none of the members of the group will ever violate the
common goals of the group, either maliciously or inadvertantly.
-- snip --
> 4) Cryptographic Mechanisms
> a) Provide suitable algorithms for threat/performance
> environment of PONs
Do we know what the threats are? From the EPON discussion, it sounds like
the major threat is theft of service, i.e., protection of the service
provider from its customers. Within 802.11 the major threat has been (only
partly tongue in cheek) the provider, so the emphasis of the problem
solution goes the other way around, how to protect customers from the
providers. Is there enough commonality of threats to meet the already stated
goal of providing a single protocol across 802 environments? I'm not sure
there is, which is why I am skeptical of the marhing orders to find one
solution for all of 802. Just what segment of 802 are we talking about?
-- Jesse