
[LinkSec] teleconf mtg notes 2/25/03




2/25/03 ECSG LinkSec
Chair Dolors Sala, dolors@ieee.org
Notes Allyn Romanow, allyn@cisco.com

Attendees
Onn Halan, Dolors Sala, Allyn Romanow, Bob Moskowitz, Ali Abaye, Antti
Pietelainen, Norm Finn


Summary:

Consider 5 objectives
1. Unified security arch
2. Unified secure data exchange mechanism, confidentiality
3. Authentication
4. Key management, how should be done?
5. Link protection mechanism for 802.3 including point to point and
shared, including EPON
6. Discovery protocol

Get EPON requirements clearly defined
Next week organize agenda for plenary
-------------------------------------------------------
Today discuss objectives
EPON people here today

From Dolors email, Objectives
1. Transparent secure data encryption (SDE) mechanism (high
priority)
2. Link protection mechanism for 802.3 networks if added
functionality is needed in 1. (high priority)
3. Discovery protocol (low priority)

Authentication being superficially ignored
either .1x takes care of everything, or something else is needed
need an additional objective

what's meant by transparent? in #1
transparent to network

what is the model we're going after? Residential?
EPON requirements, Ali and Antti working on a contribution
want international vendor representation
what level of security is actually needed?
this will help security experts to craft what is needed
need initial recommendation from all the EPON vendors
confidentiality upstream and down? message integrity needed?
Is man in the middle important?
whether authentication is needed in the beginning or not?

Mani working on threat model and requirements for Enterprise

Discussion of placement of SG:
Should get EPON out of .3, make it another group?
On the other hand, resistance to do something for EPON security
without applying to rest of ethernet
Where SG goes is procedural, we should concentrate on technical work,
irrespective of where group is
A lot of the vote was that decision shouldn't be made between
plenaries
Don't read negative response to linksec into it

Say in #2, "802.3 Ethernet, including point to point and shared, such as EPON"
The solution needs to solve all of these things.
Add "unified"

How should OAM packets be protected? As data packets?

key exchange
in .11i, discussion of key exchange outside of .1x
should it fix .1x, or keep its 4-way exchange separate
802.2 had doc rejected for doing too much security, where should have
been done in .1x
key exchange problematic, not come to consensus
where should it be done?

PAR, single or multiple?

5 Objectives
1. Unified security arch
2. Unified secure data exchange mechanism, confidentiality
3. Authentication
4. Key management, how should be done?
5. Link protection mechanism for 802.3 including point to point and
shared, including EPON
6. Discovery protocol

Next week organize agenda