There seems to be significant consensus on leaving
the scenario of untrusted bridges for a later stage (although the final
unified architecture should support a complete secure bridge network
solution). It seems we may be close to identifying the scope of the initial
project.
In the last call, Bob Moskowitz recommended to
initially focus on the link level and leave the entire bridge network
definition for a later stage. If I interpret him correctly, he considers
that there is enough work in defining the provider side of the link security
specification because there is no specification or example that we
can leverage. This work would involve specifying the (bi-directional)
authentication and the link protection components of the unified architecture.
Bob, please clarify or extend as you feel appropriate.
We would need to guarantee that the initial effort
defines components that fit the unified and general architecture. Could we
guarantee this by imposing a set of general requirements on an
initial link specification?
If so we could define a gradual roadmap where we
focus first on the link components and later on the bridged network
components. We could first focus on capturing a complete set of
requirements from the unified architecture and define an initial project
to specify a link security for 802.3 links. At a later stage,
additional projects would be defined to complete the architecture for bridged
networks (and/or other links if needed).
I would like to solicit opinions and comments on
this roadmap approach and recommendations on the specific scope and components
of an initial project.
Dolors