Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

RE: [LinkSec] LinkSec Security Issues & 802.10

Ariel-

Thanks for your input.  Since many of the constituents of the SG and various working group chairs have indicated that they are leaning toward SDE as the way to go (also evidenced in many of the SG presentations) it only makes sense to have the working group that developed the Standard do the revision, if for no other reason than the learning curve.  As I expressed to Tony, I believe that the total effort can only be made stronger by 802.10 coming out of hibernation - not fragmented - since the un-hibernated .10 membership would participate in the SG meetings, while revising SDE in parallel. Doing this in parallel will speed delivery of a much needed solution.

Some of the key .11i security experts were members of .10 and would rejoin the effort to update SDE and, if need be, Key Management as well, as they have significant experience with .1X.

As far as reusing a "protocol that had no wide acceptance and proved no market feasibility," I believe that the market place for security has finally caught up to SDE -- we were ahead of our time with our protocol and did a lousy job of marketing it.  Our other shortcoming (in hindsight) was that we didn't specify a particular interoperable configuration that vendors could build to.  That will be corrected in the revision.

Ken

 Ariel Maislos <ariel.maislos@passave.com> wrote:

Ken,

 

I seriously question whether the constituency for an 802.10 project would be greater than for an 802.1 project.

Security experts have evolved with the market, and are now coming off 802.11i and not from 802.10.

Reviving a hibernating project is increasing our administrative effort without any benefit.

802.1 meetings are open and public and have further demonstrated through the LinkSec meetings so far that they are able to draw the necessary experienced participants from the industry that are required for the SQ to achieve its goals.

Answering the urgency for providing a solution for EPON is not justification for reviving 802.10. Fragmenting the effort between multiple groups is the sure way to sink the project.

 

Ariel

 

P.S.

As a LinkSec participant and contributor, I am very much against the reuse of SDE. I believe there is no benefit in reusing a protocol that had no wide acceptance and proved no market feasibility.

 

Ariel Maislos

Passave Inc.

1557 Jasper Dr.

Sunnyvale, CA 94087

ariel.maislos@passave.com

(408) 530 0458

 

-----Original Message-----
From: owner-stds-802-linksec@majordomo.ieee.org [mailto:owner-stds-802-linksec@majordomo.ieee.org] On Behalf Of Ken Alonge
Sent: Thursday, March 13, 2003 11:47 AM
To: dromasca@avaya.com
! Cc: stds-802-linksec@ieee.org
Subject: RE: [LinkSec] LinkSec Security Issues & 802.10

 

Dan-

I agree that we do not want two conflicting efforts going on at the same time.  However, my view is that the LinkSec SG is very much in favor of using SDE as the frame protection protocol.  To that end, I proposed revisions to SDE in support of perceived LinkSec requirements.  I said:

 "The modifications are needed in order to accommodate replay protection, destination MAC address authentication, and optional integrity protection of additional header fields, such as the VLAN tag."

I do not think it is prudent to delay this work.  I feel an urgency in the 802.3 EPON community to provide a security solution as quickly as possible.  So, if you agree that the consensus is to use SDE, then why not get the SDE revision work started tomorrow?

Ken

 

Do you Yahoo!?
Yahoo! Web Hosting - establish your business online


Do you Yahoo!?
Yahoo! Web Hosting - establish your business online