
[LinkSec] notes for teleconf 4/22/03



Notes are in Word this time. Please let me know if this is problematic.
Here's the summary, also included in the full notes.
==============================================

4/22/03
LinkSec Study Group
Dolors Sala, chair, dolors@ieee.org
Allyn Romanow, notes, allyn@cisco.com


Norm Finn, Antti Pietilainen, DJ Johnston, Dolors Sala, Allyn Romanow, Tom Dineen

Summary:
Today - identify contributions, discuss progress, status, identify and complete list of issues

Discussion of scope of the work. Agreement to do link-wise security associations only. Norm expressed the opinion that the current problem with 802.10 is that one SA cannot carry both unicast and multicast traffic; two SAs are required. This is problematic. The work of LinkSec, as he sees it, is to specify SAs and how to establish them with 802.1x.
Also, in .10 it is required to register with IEEE to establish globally unique IDs, which is very undesirable. If we need globally unique IDs, we can use an alternative mechanism, such as using the unique MAC address for part of the ID. The real outstanding decision is how far to go in covering sharing: we do want point to point. Do we want point to multipoint? Do we want to address shared media?

When you have a mixture of secure and insecure bridges, secure bridges can only talk to secure bridges, not to insecure bridges.

There was agreement that L2 tunneling might be used by LinkSec, but should not be defined by LinkSec.

Norm will send out some ideas he has for the PAR.
Antti proposes having a simple standard and a more complex one, varying with the threat model. He sent out email and will make some slides for discussion.

Issues:
-There is consensus that MAC addresses should be integrity protected; should it be required?
-Should OAM frames at MAC level be encrypted? Group will decide after it’s formed, in the fullness of time.
-Where in the protocol stack should security be? People on the call thought it should be between the PHY and MAC layers. Group can decide after it is chartered.

In Ottawa, we’ll figure out if we can bring in the PAR at the next plenary.

No call next week - InterOp
Following week: threat discussion - Rene, Mani, Ken


linkSec4_22_03.doc