RE: [LinkSec] Thoughts on high-level requirements
Peter,
One viewpoint on this:
If you want perimeter security, it can only be sensibly implemented at the link layer. The one business requirement that the group definitely has is EPON, which seems to want perimeter security. So whatever else you do, I think you have to do perimeter security.
On the other hand, peer to peer security can generally be achieved at the network layer, and if the user isn't prepared to set-up peer-to-peer security at the network layer I don't see why they would be prepared to do it at the link layer. I haven't seen anyone suggesting there is a business requirement for peer-to-peer link layer security.
The only group of protocols that seems to be left is link layer maintenance protocols like STP and 802.11 management frames. No-one seems greatly to care about securing them - maybe they're best left to the groups responsible for them rather than attempting to do something generic.
Mike Moreton, Synad Technologies.
-----Original Message-----
From: Peter Boucher [mailto:pboucher@rappore.com]
Sent: Friday, December 20, 2002 4:22 PM
To: LinkSec
Subject: [LinkSec] Thoughts on high-level requirements
In our last teleconference we all seemed to agree that it would be useful to look at business model requirements as a way to ensure that the technical requirements we settle on are all addressing important business concerns.
It seems to me that there are really two or more business models we could try to address. For example, service providers want to prevent theft of services and protect customers from each other, while enterprises may want us to help solve a different set of access control problems, and government may want to rely on us to help ensure that certain sensitive-but-unclassified data is secure from users who don't need-to-know, and thus are not authorized (by law) to gain access.
Some questions arise: Do we pick one model and ignore the others? Do we try to come up with a one-size-fits-all set of technical requirements that will address all of the business concerns of all of the models? Do we create a set of (not mutually incompatible) standards, one for each model?
Another area of high-level requirements related to the above, but interesting in its own right, is whether we do link security only as a perimeter-defense, or pervasively throughout the network. If we simply defend the perimeter, then each MAC address (for example) can be associated with a user, but if we are also supposed to secure the spanning-tree protocols and other communications between bridges, then some devices are not operating on behalf of any specific user.
Again: Do we do perimeter-defense and ignore the internal communications? Do we try to come up with a comprehensive set of technical requirements that will address both sets of concerns? Do we create a pair of (not mutually incompatible) standards, one for each model?