
[LinkSec] Teleconf notes 3/25/03
3/25/03
Dolors Sala, chair dolors@ieee.org
Allyn Romanow, notes, allyn@cisco.com

Attendees- Marcus Leech, David Johnston, Bob Moskowitz, Allyn Romanow, David
Nelson, Tom Dineen, Mani Mahalingam, Dan Romascanu, Dolors Sala
(sorry, this may not be a complete list)

There is a new SG for handoff, www.ieee802.org/handoff,
approved as SG at last Plenary
roaming between heterogeneous MACs
relationship with security

Marcus - go through slides, sent on mailing list
non-repudiation has a specific legal meaning, we should not use the term;
use the term "content commitment" instead

Media/MAC consistency
SDE used in a general sense, not 802.10 specific

identity meant in context of system, subscriber agreements
subscriber to a service
what's the scope? beyond AH?
will flesh out with various notions of identity, including device and
user
Needs to be flexible and plug into existing infrastructures

distribution - consistent across different media
potentially carry sessions from MAC layer to MAC layer
802.1x gives us the flexible credentials today

choice of encryption alg. can vary between MACs
need to negotiate algs. in session
need to negotiate new keys
need to be fast - e.g. for 10 GE, must not impede wire speed
say, wire speed performance

PFS (perfect forward secrecy), is it needed?

draw exclusively from well-known algorithms
TGI had problems with existing algs.
See the work on nist.gov/kms

what do we need consensus on?

Marcus is going to flesh out more based on comments
looks like reasonable consensus

discussion about why some people wanted to encrypt in one direction
only (APON, FSAN)

need specialized knowledge of MACs to know what is a security issue
and how it could be implemented in that MAC layer
so need experts from the various MACs to identify potential security
threats
maybe develop a template
Ask MAC experts, which of these threats do we need to deal with?
e.g. encrypting addresses obsoletes test equipment, there will be pushback from
802.3
other issues like MAC control functions, chicken and egg issue
e.g., RPR - control plane, could falsify control info, is that a problem?

What are the rules of thumb? They can be used as high-level
requirements, guidance, for MAC experts
what are attack capabilities?
inject and inspect, intercept
what are implications for user data?
what are implications for control planes for various MACs?
is it worth protecting, or can we get away with leaving security to a
higher layer?

what kind of material do we need to put together?

Bob: architecture model for next week.

Renee: threats the week after