
RE: FW: [LinkSec] Requirements





Russ,

The performance implications of using such a probe technique on network
reconfiguration and failure recovery are awful to put it mildly. I can do a
thorough justification of this statement given time, but this is probably a
five beer conversation.

Mick

> -----Original Message-----
> From: owner-stds-802-linksec@majordomo.ieee.org
> [mailto:owner-stds-802-linksec@majordomo.ieee.org] On Behalf Of Russ Housley
> Sent: Monday, December 16, 2002 7:25 AM
> To: mick_seaman@ieee.org
> Cc: stds-802-linksec@ieee.org
> Subject: Re: FW: [LinkSec] Requirements
>
>
>
> Mick:
>
> This is simply not true!
>
> Secure Data Exchange (SDE) (802.10b) can be either station-to-station or
> station-to-bridge or bridge-to-bridge.  In fact, Annex 3A (which is part of
> the key management document (802.10c)), specifies the probe frames that are
> used to locate a remote SDE entity.  These are needed when the destination
> address is not the same as the decryptor address.
>
> Russ
>
>   At 10:15 AM 12/12/2002 -0800, Mick Seaman wrote:
> >That sounds trite, but isn't. What I mean to say (and this is the bridge
> >point again) is that if part of the network is believed physically secured and
> >frames are transmitted in the clear, then 802.10 does not support
> >encrypt/decrypt/protect etc. by the intervening bridges to carry the traffic
> >over part of the network deemed exposed. Setting up a tunnel for the frames
> >is really not a solution here.
>
>