RE: [LinkSec] Requirements




Snajeev,

> >For instance, I believe IT departments have not deployed end-to-end IPsec or
> >802.10 in part because it transfers control over the activities in the
> >network from IT to the end users (strike one),
> 
> 
> If one end control of IPSec can be in the hands of users, then why giving
> other end to users is so bad? If doing that has scalability (or is it
> practical) issue then it is IPSec design flaw, no?
> 
> >and because these
> >technologies interfere with IT's ability to troubleshoot problems
> >with service--the packet sniffer is the troubleshooting tool of last resort
> >(strike two)--
> 
> 
> Since this troubleshooting tool may be a threat too, that may be one of the
> reasons IT would not want sniffers around on the LAN, only the authorized
> ones, no?
> 

Here I was sharing information gleaned over the years while trying to play
the role of anthropologist. I presented this "data" to "explain" the
empirical fact that IT departments by and large prohibit IPsec, 802.10, and
like technologies within their internal wired LANs, not to justify their
stance, or to validate their reasoning as I understand it (which I might
have gotten wrong, because I am not an anthropologist). Having said that, my
response has to be the customer is always right ;-) If by their capital
spending behavior they say they don't want my design, it is part of my job
to understand why. As we work on security designs we need to understand why
security succeeds in the relatively few places where it does and why it
fails from a market perspective in the overwhelming majority of cases. If we
don't do this exercise, then we are almost guaranteed to fail, again.

I am willing to posit the outrageous claim ("outrageous" because we have not
agreed on or even identified requirements, except for Paul Lambert's
admirable attempt; "claim" because it may not be true) that from a security
perspective 802.10 is exactly the right kind of solution, but we know 802.10
failed. Why did it fail? I believe the marching orders for the SG as I
understand them will lead us right back to a design like 802.10, because my
experience says that this is the only kind of design that (a) is generally
applicable across 802 media and (b) actually provides security. So what do
we change, what do we sacrifice in the 802.10 design to make it succeed? If
we cannot answer that question, then my vote is either we alter the marching
orders into something that allows the SG to succeed, or else we should
abandon the effort.

-- Jesse