Re: [LinkSec] LinkSec Security Issues & 802.10
Dan writes:
Ken,
1. All the participants in the LinkSec effort are aware about the
urgency of providing a solution of the EPON problems. While there
seems to be some convergence on the need to bring amendments and
extensions to SDE, it is not clear that this solves all the
problems of security in EPON.
2. There is a practical aspect in avoiding effort duplication. With
LinkSec chartered and runing, it will be difficult for many
participants to
attend both LinkSec and a re-newed 802.10. After all, you guys (802.10
participants) had a hard time sending representatives to the
first few LinkSec SG meetings, though nobody probably questions your
interest in IEEE 802 security.
To be fair, both Ken and Russ had obligations elsewhere (802.11i) this
time. Our primary "customer" EPON was also underwhelmingly
represented in meetings this week.
Further, it's entirely-likely that whatever underlying security
transform we come up with will look very similar to 802.10 SDE.
It would seem silly to spend a lot of time essentially re-creating
802.10 SDE (perhaps with some new fields) simply to avoid
re-visiting it.
The very substantial work ahead of Linksec is in the area of
key-management, authentication, and key-transport/distribution.
Those parts of 802.10 are very clearly in need of substantial
work/replacement. Other major areas of work would be
describing which pieces of the MAC control functions need to
be protected, which pieces don't need to be protected, and which
pieces *can't* be protected (because of nasty egg/chicken problems).