Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: FW: [LinkSec] Requirements

To: mick_seaman@ieee.org
Subject: Re: FW: [LinkSec] Requirements
From: Russ Housley <housley@vigilsec.com>
Date: Mon, 16 Dec 2002 10:24:55 -0500
Cc: stds-802-linksec@ieee.org
In-Reply-To: <005001c2a20a$85bf13a0$220110ac@corp.telseon.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org

Mick:

This is simply not true!

Secure Data Exchange (SDE) (802.10b) can be either station-to-station or 
station-to-bridge or bridge-to-bridge.  In fact, Annex 3A (which is part of 
the key management document (802.10c)), specifies the probe frames that are 
used to locate a remote SDE entity.  These are needed when the destination 
address is not the same as the decryptor address.

Russ

  At 10:15 AM 12/12/2002 -0800, Mick Seaman wrote:
>That sounds trite, but isn't. What I mean to say (and this is the bridge
>point again) that if part of the newtork is believed physically secured and
>frames are transmiteed in the clear, then 802.10 does not support
>encrypt/decrypt/protect etc. by the intervening bridges to carry the traffic
>over part of the network deemed exposed. Setting up a tunnel for the frames
>is really nnot a solution here.

Follow-Ups:
- RE: FW: [LinkSec] Requirements
  - From: "Mick Seaman" <mick_seaman@ieee.org>

References:
- FW: [LinkSec] Requirements
  - From: "Mick Seaman" <mick_seaman@ieee.org>

Prev by Date: RE: RE: [LinkSec] Requirements
Next by Date: RE: [LinkSec] Requirements
Prev by thread: FW: [LinkSec] Requirements
Next by thread: RE: FW: [LinkSec] Requirements
Index(es):
- Date
- Thread