
RE: FW: [LinkSec] Requirements




Mick:

For now, I will accept the assertion.  We can have the beers later.

The key management may need to be improved, but this complaint does not 
mean that the SDE protocol itself needs to be discarded.

Russ


At 02:56 PM 12/16/2002 -0800, Mick Seaman wrote:


>Russ,
>
>The performance implications of using such a probe technique on network
>reconfiguration and failure recovery are awful to put it mildly. I can do a
>thorough justification of this statement given time, but this is probably a
>five beer conversation.
>
>Mick
>
> > -----Original Message-----
> > From: owner-stds-802-linksec@majordomo.ieee.org
> > [mailto:owner-stds-802-linksec@majordomo.ieee.org] On Behalf Of Russ Housley
> > Sent: Monday, December 16, 2002 7:25 AM
> > To: mick_seaman@ieee.org
> > Cc: stds-802-linksec@ieee.org
> > Subject: Re: FW: [LinkSec] Requirements
> >
> >
> >
> > Mick:
> >
> > This is simply not true!
> >
> > Secure Data Exchange (SDE) (802.10b) can be either station-to-station or
> > station-to-bridge or bridge-to-bridge.  In fact, Annex 3A (which is part of
> > the key management document (802.10c)), specifies the probe frames that are
> > used to locate a remote SDE entity.  These are needed when the destination
> > address is not the same as the decryptor address.
> >
> > Russ
> >
> >   At 10:15 AM 12/12/2002 -0800, Mick Seaman wrote:
> > >That sounds trite, but isn't. What I mean to say (and this is the bridge
> > >point again) that if part of the network is believed physically secured and
> > >frames are transmitted in the clear, then 802.10 does not support
> > >encrypt/decrypt/protect etc. by the intervening bridges to carry the traffic
> > >over part of the network deemed exposed. Setting up a tunnel for the frames
> > >is really not a solution here.
> >
> >