Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [LinkSec] Consensus on Scope?

To: "Dolors Sala" <dolors@ieee.org>
Subject: Re: [LinkSec] Consensus on Scope?
From: Russ Housley <housley@vigilsec.com>
Date: Tue, 22 Apr 2003 09:53:00 -0400
Cc: stds-802-linksec@ieee.org
In-Reply-To: <016801c3086b$e7f40e00$c32055d4@Tell>
Sender: owner-stds-802-linksec@majordomo.ieee.org

Dolors:

I do not have any problem with the priorities. However, I do have some concerns with the "do it later, if needed" tone. If we look at 802.1X development, it focused on 802.3 problems. This solved real-world problems. Since a 802-wide view was not applied from the beginning, significant changes are needed to make it work in 802.11, and other wireless technologies.

If we do not start with the big picture, we will inadvertently make deployment in other topologies impossible without changes to the standard.

Russ

At 09:10 PM 4/21/2003 -0400, Dolors Sala wrote:

There seems to be significant consensus in leaving the scenario of untrusted bridges for a later stage (although the final unified architecture should support a complete secure bridge network solution). It seems we may be close to identify the scope of the initial project.

In the last call, Bob Moskowitz recommended to initially focus on the link level and leave the entire bridge network definition for a later stage. If I interpret him correctly, he considers that there is enough work in defining the provider side of the link security specification because it doesn't exist an specification or example from where we can leverage from. This work would involve to specify the (bi-directional) authentication and the link protection components of the unified architecture. Bob please clarify or extend as you feel appropriate.

We would need to guarantee that the initial effort defines components that fit the unified and general architecture. Could we guarantee this by imposing a set of general requirements to an initial link specification?

If so we could define a gradual roadmap where we focus first on the link components and later on the bridged network components. We could first focus on capturing a complete set of requirements from the unified architecture and define an initial project to specify a link security for 802.3 links. At a later stage, additional projects would be defined to complete the architecture for bridged networks (and/or other links if needed).

I would like to solicit opinions and comments on this roadmap approach and recommendations on the specific scope and components of an initial project.

Dolors

Follow-Ups:
- Re: [LinkSec] Consensus on Scope?
  - From: Mats Näslund <mats.naslund@era.ericsson.se>

References:
- [LinkSec] Consensus on Scope?
  - From: "Dolors Sala" <dolors@ieee.org>

Prev by Date: Re: [LinkSec] Consensus on Scope?
Next by Date: [LinkSec] REMINDER - June Interim Meeting
Prev by thread: [LinkSec] Consensus on Scope?
Next by thread: Re: [LinkSec] Consensus on Scope?
Index(es):
- Date
- Thread