
[LinkSec] Meeting Notes: 04 feb 2003



Apologies for the delayed posting (novice note-taker).


On the call: Marcus Leech, Dennis Volpano, Norm Finn, Dan Romascanu, David Nelson, Mahalingam Mani, Antti Pietilainen, Bob Moskowitz, Dolors Sala (apologies again – in case I have missed anyone).


Dolors: Resuming Scenarios discussions

Marcus: (In reference to the Corporate Scenario slides posted by him 2/3/03) which applicable models of interest are we going to pursue? As in Nortel’s example: router at the backend with high-speed switching; wide-area fabric is IP-based.

No multi-tenanting arrangements. Secure end-stn.-to-end-stn. (discussed previously): elegant; complex; requires a web of trust between end-stns, implying PKI/Kerberos as the suitable model of authentication and key mgmt.

The other case is hop-hop with the immediate next neighbor hop. 802.10-type crypto-aware vs. non-crypto-aware bridges.


Norm: Unable to tease out how it works from the 802.10 doc.

Marcus: Not sure how it is supposed to work.

(reference to absence of Russ who could have thrown more light on the motivations in 802.10 in regard to this).


BobM: Some layer of trust is required to do the business.

Dolors: The question was about the trust model.

Marcus: pointed out the enterprise trust model. Mick mentioned don’t care about hubs introduced between endpoints and bridge.

Dan: Authentication from the app-server viewpoint: can key distribution serve the whole layout, or one for wireless/one for wireline?


Marcus: If PK-based or any other backend, I don't think (key dist.) it is a whole lot different.

Marcus: L2 fabric does not run far before running into a router. Typically 2000 hosts run in a network (refer to Marcus's presentation).

Marcus: Nortel moved to switched hubs only a few yrs. back

Norm: Should link security be between end-stn & bridge; or pt-pt bridge?

Marcus: If I establish an SA between me (end-stn) and the hub, I thwart any MitM coming in between.

Norm: Sounds similar to .11i.

Marcus: agreed.


Dolors: 3 cases; Dan/Norm, you think end-end will be the third.

Marcus: End-end stn may be reqd.; but making it work with .1X may be nightmarish.

Norm: I do not want to consider it as need-to, but nice-to-have; perhaps with .1X.


Marcus: End-end complicates the trust model by either having a local store (bad) or referring to an external server (which begs) an already existing trusted infrastructure.

Dave Nelson: Pls. review for me the complications over .1X.

Norm: EAP was not designed for peer-peer.

BobM: was specifically designed for peer-peer. (underlying state machine is a peer-peer model); recent work is fixing many problems related to peer-peer model.

Mani: what are the fixes?

Norm: No link state should be required to signal any security state. All entities have to be communicating with each other at L2.

BobM: All signaling is taken out of it in a new auth model, L2.5 say, based on discovery, which helps bridges to be discovered as well.

Norm: Let’s consider the more complicated scenario of multiple bridges on a fat-yellow coax model. Here the end station has no way of figuring out which of the bridges is going to forward its packets and so is unsure with which to establish an SA (or whether to establish with all). Some may not be crypto-enabled.

Bob: No link signaling to say which bridge to authenticate to. Sounds similar to an MSEC (Multicast Security) type problem.

Mani: End-stn to end-stn use-cases are not many; so not try to solve the complex problem for now?

Marcus: Fat-coax above is one of them.

Norm: On the use of IPsec at L3 vs. link-layer security at L2 for end-end security, the former is by far the preferred method of protection.

Mani: Agreed. Lower-layer security is taken care of hop-hop.

Antti: How do you discover reliably?

Norm: ARP.

Bob: Even discovering at L3, L2 protection can bring benefits.

Norm: Agree on the L2 protection need, if we are talking end-end (peer-peer).

Bob: Both L2 & L3 are needed: use L2 up to the routers and let the router use L3 security.

Norm: Can't sell the product; different needs/responsibilities.

Bob: The cheapest way to connect between 2 routers is link-sec.

Dolors: End-end applicability to the provider network.

Norm: End-end link-sec between my bridges through the SP network, unless we are talking encrypted MAC addresses.

Dave: Known-plaintext attack susceptibility with encrypted MAC addresses.

Dolors: Multihop issues.

Norm: Agreement on using 802.10 as the basis.

Bob: Except for the authentication model.

Norm: .1X, is that acceptable?

Marcus: One can tolerate it if that’s (802.1X) what becomes the choice.

Antti: identity protection is not available.

Norm: Of encrypting MAC addresses?

Antti: yes.


Mani: .1X comments: should not preclude consideration of other auth methods as well, such as distributed trust models like PKI; end-end or point-point cases can quickly lead to scalability problems such as in the 802.1X-based solution for an ad-hoc 802.11 network.


Bob: The recent changes under way in 802.1X (via 802.1aa) and EAP enhancements are meant to address exactly that kind of scalability concern and allow for efficient negotiations thereof.