
Re: [LinkSec] LinkSec Security Issues & 802.10





Ariel Maislos writes:

 I seriously question whether the constituency for an 802.10 project would be greater than for an 802.1 project.

 Security experts have evolved with the market, and are now coming off 802.11i and not from 802.10.

 Reviving a hibernating project is increasing our administrative effort without any benefit.

 802.1 meetings are open and public and have further demonstrated through the LinkSec meetings so far that they are able to draw the necessary experienced participants from the industry that are required for the SQ to achieve its goals.

 Answering the urgency for providing a solution for EPON is not justification for reviving 802.10. Fragmenting the effort between multiple groups is the sure way to sink the project.

Ariel

 P.S.

 As a LinkSec participant and contributor, I am very much against the reuse of SDE. I believe there is no benefit in reusing a protocol that had no wide acceptance and proved no market feasibility.

802.10 failed not due to any flaw in its design, but rather due
  to it being largely ahead of its time (work on 802.10 pre-dates
  significant work on IPSEC, for example).

If the market believes that link-layer security is necessary then
  *any* security transform we invent in LinkSec will almost certainly
  look very much like a warmed-over 802.10 SDE. There are only so many
  ways to boil this particular fish, and it would be a shame to
  essentially re-write all of that already-edited prose in 802.10
  SDE, merely to respond to some NIH urges on the part of some
  here.

If the same market forces are at work that caused 802.10 to fail
  (disinterest in security in general, and in particular at layer 2),
  then re-writing 802.10 SDE entirely isn't going to succeed in
  the market either, and we can all move on to other things.

As I've said in at least one previous e-mail, revision of 802.10 to
  both meet current "prudent security practices" (replay protection,
  new integrity and confidentiality algorithms), and to cover
  "stuff" that's been added in the intervening years (VLAN tags, etc.)
  is a minor piece of work compared to the rest of the work
  that needs to be done here.

I can't imagine coming up with a replacement for 802.10 SDE without
  substantially re-inventing it, with a very similar frame format,
  state-machine, etc, etc.  How is it justified to do all this
  work over again?

-- 
----------------------------------------------------------------------
Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
Advisor                                  Phone: (ESN) 393-9145  +1 613 763 9145
Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 9435
Nortel Networks                          mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------