
RE: [LinkSec] LinkSec Security Issues & 802.10



It is my experience that any solution that meets the requirements given the study group will result in a solution very similar to IEEE 802.10, in particular, the requirement of a security solution that applies across 802. This seems to speak to resurrecting 802.10 and correcting any deficiencies in it.
 
-- Jesse Walker
From: Ken Alonge <kennyg698@yahoo.com>
Subject: [LinkSec] LinkSec Security Issues & 802.10
To: stds-802-linksec@ieee.org
Sender: owner-stds-802-linksec@majordomo.ieee.org

To All-

 

I'm having trouble sending e-mail from my normal e-mail address, so I've had to resort to using this more obscure address.  Sorry.

 

After having participated in the LinkSec meetings this week and having had discussions with many study group participants as well as the Chairs of other MAC working groups, it seems to me that the 802.10 Secure Data Exchange Protocol (SDE) is the preferred method of providing generic security services across all of the 802 MACs (note that some MACs, like .11, would have additional security within the MAC layer). In order to provide all the desired security services, the SDE protocol will have to be slightly modified. The modifications are needed in order to accommodate replay protection, destination MAC address authentication, and optional integrity protection of additional header fields such as the VLAN tag.


Another point of concern that was raised in this week's LinkSec meeting was the ability of 802.1X to meet the key management requirements of all the 802 MACs, because of the .1X requirement to have access to a server for key distribution.  This type of configuration does not work for 802.15 where it is unreasonable to expect an infrastructure; also it can cause denial of service in enterprise networks when the authentication server cannot be reached. The .1X  protocol is great for the environments that it was designed to support, but it does not fit all environments. Therefore, additional key management approaches may be necessary.

 

Additionally, part of the LinkSec charter is to develop an 802 security architecture document.  802.10 already published the 802 security architecture Standard. While we have learned a lot since this document was developed, it does not make sense to have two 802 Security Architectures. The current document (802.10a) ought to be used as a baseline for the LinkSec security architecture study. Revision of the .10 security architecture may be required to accommodate information not considered when .10 originally created that Standard.

 

These issues are being raised at a good time, since all of the .10 Standards are up for reaffirmation this year (i.e., 802.10-1998, 802.10a-1999, as well as 802.10c-1998 (the Key Management standard)). So, in order to make the necessary modifications, I am proposing that 802.10 be brought out of hibernation by the Exec. I think that our initial focus should be on the SDE revision, followed by needed modifications to, or withdrawal of, the key management standard, and, finally, possible modifications to the .10 security architecture Standard.

 

Two of the Exec members expressed to me their concern that .10 might not have enough participants to do the required revisions, and they would like me to demonstrate that an unhibernated .10 will have sufficiently broad participation (membership), drawing the necessary expertise from other working groups.  Therefore, I'm sending this e-mail to you to serve as a straw poll of the LinkSec study group to determine who would be willing to participate in an unhibernated .10 to assist in making the necessary revisions to our Standards.

 

Your prompt response today would be greatly appreciated.

 

Sincerely,

 

Ken Alonge

Chair, 802.10


