Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: Key Identification RE: [LinkSec] Requirements

To: PaulLambert@AirgoNetworks.Com
Subject: Re: Key Identification RE: [LinkSec] Requirements
From: Russ Housley <housley@vigilsec.com>
Date: Mon, 16 Dec 2002 15:04:59 -0500
Cc: stds-802-linksec@ieee.org
In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12DEEA7A@wnimail.woodsidenet.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org


Paul:

> >The only
> > possible identifier for the key that can be used at this level are MAC
> > addresses, unless of course someone wants to invent a new 802
> > architecture.
>
>Yes ... the MAC address is very useful for identifing a key, although a 
>keyID, SAID, or SPI mechanism could also be used.  Using a MAC address to 
>identify an association/key is not the same as authenticating the MAC address.

Security Association Identifiers (SAIDs) are useful. However, they ought to 
be transient.  I envision the MAC address as the identifier for the layer 2 
participant in the security protocol.  This is more static than an SAID.

Russ

References:
- Key Identification RE: [LinkSec] Requirements
  - From: "Paul Lambert" <PaulLambert@AirgoNetworks.Com>

Prev by Date: RE: Key Identification RE: [LinkSec] Requirements
Next by Date: RE: [LinkSec] Requirements
Prev by thread: Key Identification RE: [LinkSec] Requirements
Next by thread: RE: Key Identification RE: [LinkSec] Requirements
Index(es):
- Date
- Thread