
Re: Fw: [LinkSec] teleconf notes 4/15/03




Mick:

>It may be argued that we should accommodate intermediate untrusted bridges
>from the outset, taking such steps as putting the .1Q tag in clear as well
>as protecting it. This is the standard standards approach and that of the
>responsible reasonable engineer. Most of the progress .1 has made in the
>past has been (IMHO) due to the ability to identify such never ending cases
>of distraction and project enlargement and take an axe to them right from
>the start.

I try to be pragmatic too.  However, if the .1Q tag needs integrity 
protection, it is not difficult, and it is easy to set up as an attribute 
of the security association.  That is, it does not have to add complexity 
where it is not needed.

The cryptographic modes being used in 802.11i allow integrity protection 
of arbitrary portions of the header and encryption as well as integrity 
protection of the payload.  It does not require replication of the 
integrity protected header element in the payload. See the following 
Internet-Draft if you want more details: 
draft-housley-ccm-mode-02.txt.  This will be published as an Information 
RFC soon.

Russ
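
The property described in the message above, as an added example that is not part of the original e-mail or of any 802.1/802.11 text: AES-CCM covers a cleartext header (here a constructed Ethernet header with a .1Q tag) with the MIC as associated data, while only the payload is encrypted. The frame layout, key, nonce and function names are assumptions for illustration; the 8-byte MIC and 13-byte nonce follow the sizes CCMP uses.

```javascript
const crypto = require('node:crypto');

const MIC_LEN = 8; // MIC length in bytes (assumed for this example)

// Sender: header stays in the clear but is bound to the MIC as AAD;
// payload is both encrypted and covered by the MIC.
function protect(key, nonce, header, payload) {
  const c = crypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: MIC_LEN });
  c.setAAD(header, { plaintextLength: payload.length });
  const ciphertext = Buffer.concat([c.update(payload), c.final()]);
  return { header, ciphertext, mic: c.getAuthTag() };
}

// Receiver: returns the payload, or null if header or ciphertext was altered.
function unprotect(key, nonce, frame) {
  const d = crypto.createDecipheriv('aes-128-ccm', key, nonce, { authTagLength: MIC_LEN });
  d.setAuthTag(frame.mic);
  d.setAAD(frame.header, { plaintextLength: frame.ciphertext.length });
  try {
    return Buffer.concat([d.update(frame.ciphertext), d.final()]);
  } catch (err) {
    return null; // MIC check failed
  }
}

function demo() {
  const key = Buffer.alloc(16, 0x11);   // constructed key, not a real one
  const nonce = Buffer.alloc(13, 0x22); // constructed; must be unique per frame under one key
  // Constructed header: dst MAC, src MAC, TPID 0x8100, TCI with VLAN ID 100
  const header = Buffer.from('0200000000010200000000028100' + '0064', 'hex');
  const payload = Buffer.from('payload bytes');
  const frame = protect(key, nonce, header, payload);

  // An intermediate device rewrites the VLAN ID (100 -> 200) in the clear header.
  const tampered = { ...frame, header: Buffer.from(header) };
  tampered.header.writeUInt16BE(0x00c8, 14);

  return {
    frame,
    accepted: unprotect(key, nonce, frame),
    rejected: unprotect(key, nonce, tampered),
  };
}
```

The ciphertext is exactly as long as the payload: the protected header is not copied into it, and the only per-frame overhead is the MIC.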