Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

RE: FW: [LinkSec] Requirements

To: Dennis Volpano <volpano@cranitesystems.net>
Subject: RE: FW: [LinkSec] Requirements
From: Russ Housley <housley@vigilsec.com>
Date: Thu, 09 Jan 2003 17:24:10 -0500
Cc: mick_seaman@ieee.org, stds-802-linksec@ieee.org
In-Reply-To: <Pine.LNX.4.04.10301021705090.449-100000@wavelan1.cs.nps.navy.mil>
References: <5.2.0.9.2.20030102163841.021eafa8@mail.binhost.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org


Dennis:

> > >Clearly this model needs extending and refining to shared or semi-shared
> > >media, and how that is done depends on the number of possible links. For a
> > >.3ah ONU there is really only one link (to the OLT) so the fact that the
> > >media is (semi) shared doesn't alter the basic procedure at all. Note 
> that,
> > >just as with Link Aggregation, A&A needs to run below any 'fixup bridging'
> > >layer which converts the intrinsic point-to-multipoint nature of .3ah to a
> > >shared media (this is not an architectural problem, and has no bearing on
> > >which group should do the work).
> >
> > I agree.  In fact, 802.10b SDE had a similar layer placement.  SDE is 
> below
> > the 802.1D, so it can be used to protect BPDUs.
>
>So what security association would be used in this case and what's its
>scope?

This depends on many things. In the topology that Mick has proposed, the 
security association would be between adjacent bridges.  Each bridge would 
have one security association for each of its neighbors.

Russ

References:
- RE: FW: [LinkSec] Requirements
  - From: Russ Housley <housley@vigilsec.com>
- RE: FW: [LinkSec] Requirements
  - From: Dennis Volpano <volpano@cranitesystems.net>

Prev by Date: [LinkSec] Table from this afternoon's discussion
Next by Date: RE: FW: [LinkSec] Requirements
Prev by thread: RE: FW: [LinkSec] Requirements
Next by thread: RE: FW: [LinkSec] Requirements
Index(es):
- Date
- Thread