
RE: [LinkSec] Business models still missing for point to point




Mick brought up two real usage scenarios for point-to-point security. These could be refined into a presentation and discussed in the meeting. Support from subscriber access Ethernet operators would be welcome, as well. I think this kind of discussion is required for being able to define a scope for a link security project.

As a refinement to these cases, I would welcome conversation about usage scenarios in homes to find out what kind of equipment should authenticate itself: is it a box that connects the home network to the operator network, or should all equipment that wishes to communicate towards the operator network authenticate itself?

Antti



> -----Original Message-----
> From: owner-stds-802-linksec@majordomo.ieee.org
> [mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf 
> Of ext Mick
> Seaman
> Sent: Friday, January 03, 2003 6:30 PM
> To: stds-802-linksec@ieee.org
> Subject: RE: [LinkSec] Business models still missing for 
> point to point
> 
> 
> 
> Although the Telseon networks used all of below (point to 
> point, VLANs, filtering) we had an ongoing requirement for 
> securely identifying which customer was which in the network 
> to prevent hookup mistakes in the field. Without 
> authentication and authorisation built into the switches 
> solutions to this problem are hokey, like requiring each 
> customer to use the certificate distributed to that customer 
> for provisioning management access to conduct a session from 
> each site so that connectivity could be verified before it 
> was fully switched on. Comprehensive deployment of .1X or 
> better would have simplified operational practice in our network.
> 
> While I don't think a lot of Norm's scenario in the single 
> enterprise context (if you have eavesdroppers and cable 
> rerouters working for you you have worse problems) it is a 
> real worry in multi-tenant units which are often occupied by 
> professional organizations that are really meant to keep 
> their data secure from others who could rent another office 
> in the same building.
> 
> Though most of the current market may live with the current 
> level of security (an assertion I find very plausible) very 
> little of the .3ah EPON market will.
> 
> Mick
> 
> > -----Original Message-----
> > From: owner-stds-802-linksec@majordomo.ieee.org
> > [mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf Of
> > antti.pietilainen@nokia.com
> > Sent: Friday, January 03, 2003 6:49 AM
> > To: stds-802-linksec@ieee.org
> > Subject: [LinkSec] Business models still missing for point to point
> > 
> > 
> > 
> > Hello all,
> > Usage scenarios for point-to-point networks are still missing 
> > business case wise. It is possible that link security in 
> > point-to-point case does not make sense. For example, it is 
> > being told that 802.10 was used for a while but has not been 
> > used after VLAN tagging was standardized. VLAN tagging, 
> > source port filtering, and maybe filtering some Ethertypes at 
> > access ports may be adequate to achieve high level of 
> > security at layer two. For example, in Sweden and in other 
> > places, as well, there are well established operators who run 
> > IP over Ethernet networks for subscriber access. Probably 
> > other L3 protocols may be carried over these L2 segments if 
> > required.   
> >  
> > There are about 80 000 customers in Bredbandsbolaget's 
> > network in Stockholm, Sweden. The company has been 
> > operational for several years so they can probably cope with 
> > the current level of security.
> > 
> > Norman Finn brought up in principle a valid point-to-point 
> > scenario in the security session in New Orleans. In that 
> > scenario cables are run through multiple offices. There is a 
> > risk of somebody in one office eavesdropping or inserting a 
> > man-in-the-middle box into a cable running to another office. 
> > With added L2 security it could be allowed that cables are 
> > installed in that way. However, that kind of installation 
> > does not really comply with current regulations for 
> > installations in buildings. Therefore, I believe that the 
> > scenario does not cover a large proportion of the total market.
> > 
> > Antti Pietilainen
> > Nokia Research Center
> > P.O. Box 407
> > FIN-00045 NOKIA GROUP
> > Finland
> > tel. +358-(0)71-8036660, fax. +358-(0)71-8036214
> > email: antti.pietilainen@nokia.com
> > 
>