[LinkSec] notes for teleconf 4/22/03
Notes are in Word this time. Please let me know if this is
problematic.
Here's the summary, also included in the full notes.
==============================================
4/22/03
LinkSec Study Group
Dolors Sala, chair, dolors@ieee.org
Allyn Romanow, notes, allyn@cisco.com
Norm Finn, Antti Pietilainen, DJ Johnston, Dolors Sala, Allyn Romanow,
Tom Dineen
Summary:
Today - identify contributions, discuss progress, status, identify
and complete list of issues
Discussion of the scope of the work. Agreement to do link-wise security
associations only. Norm expressed the opinion that the current problem with
802.10 is that one SA cannot carry both unicast and multicast traffic;
two SAs are required. This is problematic. The work of LinkSec, as he
sees it, is to specify SAs and how to establish them with 802.1x.
Also, 802.10 requires registering with IEEE to establish globally
unique IDs, which is very undesirable. If we need globally unique IDs, we can use
an alternative mechanism, such as using the unique MAC address for part
of the ID. The real outstanding decision is how far to go in covering
sharing: we do want point to point. Do we want point to multipoint? Do we
want to address shared media?
When you have a mixture of secure and insecure bridges, secure bridges
can only talk to secure bridges, not to insecure bridges.
There was agreement that L2 tunneling might be used by LinkSec, but
should not be defined by LinkSec.
Norm will send out some ideas he has for the PAR.
Antti proposes having a simple standard and a more complex one, varying
with the threat model. He sent out email and will make some slides for
discussion.
Issues:
- There is consensus that MAC addresses should be integrity protected.
Should it be required?
- Should OAM frames at the MAC level be encrypted? The group will decide
after it’s formed, in the fullness of time.
- Where in the protocol stack should security be? People on the call thought
it should be between the PHY and MAC layers. The group can decide after
it is chartered.
In Ottawa, we’ll figure out if we can bring in the PAR at the next
plenary.
No call next week - InterOp.
Following week: threat discussion - Rene, Mani, Ken
linkSec4_22_03.doc