RE: [LinkSec] Business models still missing for point to point
Mick brought up two real usage scenarios for point-to-point security. These could be refined into a presentation and discussed in the meeting. Support from subscriber access Ethernet operators would be welcome, as well. I think this kind of discussion is required for being able to define a scope for a link security project.
As a refinement to these cases, I would welcome conversation about usage scenarios in homes to find out what kind of equipment should authenticate itself: is it a box that connects the home network to the operator network, or should all equipment that wishes to communicate towards the operator network authenticate itself?
Antti
> -----Original Message-----
> From: owner-stds-802-linksec@majordomo.ieee.org
> [mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf Of ext Mick Seaman
> Sent: Friday, January 03, 2003 6:30 PM
> To: stds-802-linksec@ieee.org
> Subject: RE: [LinkSec] Business models still missing for point to point
>
>
>
> Although the Telseon networks used all of below (point to
> point, VLANs, filtering) we had an ongoing requirement for
> securely identifying which customer was which in the network
> to prevent hookup mistakes in the field. Without
> authentication and authorisation built into the switches,
> solutions to this problem are hokey, like requiring each
> customer to use the certificate distributed to that customer
> for provisioning management access to conduct a session from
> each site so that connectivity could be verified before it
> was fully switched on. Comprehensive deployment of .1X or
> better would have simplified operational practice in our network.
>
> While I don't think a lot of Norm's scenario in the single
> enterprise context (if you have eavesdroppers and cable
> rerouters working for you, you have worse problems) it is a
> real worry in multi-tenant units which are often occupied by
> professional organizations that are really meant to keep
> their data secure from others who could rent another office
> in the same building.
>
> Though most of the current market may live with the current
> level of security (an assertion I find very plausible) very
> little of the .3ah EPON market will.
>
> Mick
>
> > -----Original Message-----
> > From: owner-stds-802-linksec@majordomo.ieee.org
> > [mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf Of
> > antti.pietilainen@nokia.com
> > Sent: Friday, January 03, 2003 6:49 AM
> > To: stds-802-linksec@ieee.org
> > Subject: [LinkSec] Business models still missing for point to point
> >
> >
> >
> > Hello all,
> > Usage scenarios for point-to-point networks are still missing
> > business case wise. It is possible that link security in
> > point-to-point case does not make sense. For example, it is
> > being told that 802.10 was used for a while but has not been
> > used after VLAN tagging was standardized. VLAN tagging,
> > source port filtering, and maybe filtering some Ethertypes at
> > access ports may be adequate to achieve a high level of
> > security at layer two. For example, in Sweden and in other
> > places, as well, there are well established operators who run
> > IP over Ethernet networks for subscriber access. Probably
> > other L3 protocols may be carried over these L2 segments if
> > required.
> >
> > There are about 80 000 customers in Bredbandsbolaget's
> > network in Stockholm, Sweden. The company has been
> > operational for several years so they can probably cope with
> > the current level of security.
> >
> > Norman Finn brought up in principle a valid point-to-point
> > scenario in the security session in New Orleans. In that
> > scenario cables are run through multiple offices. There is a
> > risk of somebody in one office eavesdropping or inserting a
> > man-in-the-middle box into a cable running to another office.
> > With added L2 security it could be allowed that cables are
> > installed in that way. However, that kind of installation
> > does not really comply with current regulations for
> > installations in buildings. Therefore, I believe that the
> > scenario does not cover a large proportion of the total market.
> >
> > Antti Pietilainen
> > Nokia Research Center
> > P.O. Box 407
> > FIN-00045 NOKIA GROUP
> > Finland
> > tel. +358-(0)71-8036660, fax. +358-(0)71-8036214
> > email: antti.pietilainen@nokia.com
> >
>