Re: [LinkSec] Consensus on Scope?
Dolors:
I do not have any problem with the priorities. However, I do have
some concerns with the "do it later, if needed" tone. If
we look at 802.1X development, it focused on 802.3 problems. This
solved real-world problems. Since an 802-wide view was not applied
from the beginning, significant changes are needed to make it work in
802.11, and other wireless technologies.
If we do not start with the big picture, we will inadvertently make
deployment in other topologies impossible without changes to the
standard.
Russ
At 09:10 PM 4/21/2003 -0400, Dolors Sala wrote:
There seems to be significant consensus in leaving the scenario of untrusted
bridges for a later stage (although the final unified architecture should
support a complete secure bridge network solution). It seems we may be
close to identifying the scope of the initial project.
In the last call, Bob Moskowitz recommended that we
initially focus on the link level and leave the entire bridge network
definition for a later stage. If I interpret him correctly, he considers
that there is enough work in defining the provider side of the link
security specification because there doesn't exist a specification or
example from which we can leverage. This work would involve
specifying the (bi-directional) authentication and the link protection
components of the unified architecture. Bob, please clarify or extend as
you feel appropriate.
We would need to guarantee that the initial
effort defines components that fit the unified and general architecture.
Could we guarantee this by imposing a set of general requirements on an
initial link specification?
If so, we could define a gradual roadmap where
we focus first on the link components and later on the bridged network
components. We could first focus on capturing a complete set of
requirements from the unified architecture and define an initial project
to specify link security for 802.3 links. At a later stage, additional
projects would be defined to complete the architecture for bridged
networks (and/or other links if needed).
I would like to solicit opinions and comments
on this roadmap approach and recommendations on the specific scope and
components of an initial project.
Dolors