Re: [LinkSec] Consensus on Scope?





Hi,

I completely agree. Since the general bridged architecture
is considered difficult to handle, I am slightly worried that
corners will be cut so that later extensions beyond link-by-link
protection become cumbersome (or even impossible). It could thus
be that we need to "almost" solve also the general case at the
same time to be future proof.

Best,

/Mats

Russ Housley wrote:
> Dolors:
> 
> I do not have any problem with the priorities.  However, I do have some 
> concerns with the "do it later, if needed" tone.  If we look at 802.1X 
> development, it focused on 802.3 problems.  This solved real-world 
> problems.  Since an 802-wide view was not applied from the beginning, 
> significant changes are needed to make it work in 802.11, and other 
> wireless technologies.
> 
> If we do not start with the big picture, we will inadvertently make 
> deployment in other topologies impossible without changes to the standard.
> 
> Russ
> 
> 
> At 09:10 PM 4/21/2003 -0400, Dolors Sala wrote:
> 
>> There seems to be significant consensus in leaving the scenario of 
>> untrusted bridges for a later stage (although the final unified 
>> architecture should support a complete secure bridge network 
>> solution). It seems we may be close to identifying the scope of the 
>> initial project.
>>  
>> In the last call, Bob Moskowitz recommended to initially focus on the 
>> link level and leave the entire bridge network definition for a later 
>> stage. If I interpret him correctly, he considers that there is enough 
>> work in defining the provider side of the link security specification 
>> because there doesn't exist a specification or example from which we can 
>> leverage. This work would involve specifying the (bi-directional) 
>> authentication and the link protection components of the unified 
>> architecture. Bob please clarify or extend as you feel appropriate.
>>  
>> We would need to guarantee that the initial effort defines components 
>> that fit the unified and general architecture. Could we guarantee this 
>> by imposing a set of general requirements on an initial link 
>> specification?
>>  
>> If so we could define a gradual roadmap where we focus first on the 
>> link components and later on the bridged network components. We could 
>> first focus on capturing a complete set of requirements from the 
>> unified architecture and define an initial project to specify a link 
>> security for 802.3 links. At a later stage, additional projects would 
>> be defined to complete the architecture for bridged networks (and/or 
>> other links if needed).
>>  
>> I would like to solicit opinions and comments on this roadmap approach 
>> and recommendations on the specific scope and components of an initial 
>> project.
>>  
>> Dolors
>>