Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

RE: RE: [LinkSec] Requirements

To: PaulLambert@AirgoNetworks.Com
Subject: RE: RE: [LinkSec] Requirements
From: Russ Housley <housley@vigilsec.com>
Date: Mon, 16 Dec 2002 10:45:49 -0500
Cc: stds-802-linksec@ieee.org
In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12DEEA42@wnimail.woodsidenet.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org


Paul:

> > And yet, the real problem is that the MAC address is not
> > fixed, and can easily be spoofed.
>
>Authentication of MAC addresses is a flaw not a feature.  MAC addresses 
>should NOT be used as the authenticated identity. Reasons:
>
>1) The MAC address may not be 'end-to-end' over a 'link'
>    example - IPsec with NAT

We are talking about Layer 2.  Even with 802.11, the source address and 
destination addresses are not altered by the access point.  These are 
end-to-end identifiers.

>2) MAC addresses can be media specific
>    ok for 802, but limits wider architectural application

We are doing an 802 standard, right?

>3) Limits user mobility (versus device mobility)

How?  In the model I proposed, the device is authenticated and the user is 
authenticate too.  Then, an authorization decision is made which is 
enforced by distributed components based on the authenticated MAC address.

>4) Does not allow anonymous MAC addresses
>    (802.11 currently allows easy tracking of users)

Correct.  We have discussed this issue in 802.11, and we have never found a 
mechanism that vendors are willing to support that provides anonymous MAC 
addresses.  I do not think that this is really a requirement.

>5) Spoofing of MAC addresses is not a risk when pair-wise keys are used
>    (authentication is provided of originator and data without using 
> addresses)

The MAC address is the name for a group of the layer 2 entities on one 
device.  As Mick pointed out, these entities are identified by SAPs.  Why 
would we want another name?  You seem to be proposing the use if key 
identifiers.  Key identifiers are very important for key management, but I 
do not think that they are the best names for the entities that know the key.

>6) Devices may have multiple MAC addresses

Correct.  Consider a bridge with four ports.  If it provides cryptographic 
services for some but not all ports, then it might be important to know 
which one is being addressed.

>7) Prevent architectural usage of vlan tags with cryptographic mechanisms
>    (much longer discussion ... several vlan/partitioning options)

I do not understand this point.

Russ

References:
- RE: RE: [LinkSec] Requirements
  - From: "Paul Lambert" <PaulLambert@AirgoNetworks.Com>

Prev by Date: RE: [LinkSec] Requirements
Next by Date: Re: FW: [LinkSec] Requirements
Prev by thread: RE: RE: [LinkSec] Requirements
Next by thread: RE: RE: [LinkSec] Requirements
Index(es):
- Date
- Thread