
RE: [LinkSec] Failure of probe mechanisms to scale




Mick:

>The point is that some changes in the core of the network will see a lot of
>changes. My focus is on securing these links as well, not just those at the
>edge of the net. I don't want a separate, not to be specified, mechanisms to
>cover these core links. If SDE-enabled bridges are in front of protected
>networks, what is protecting the internals of these networks? These
>networks often have their fiber routed through patch panels not under the
>direct physical lock and key of the network provider but of the colo
>operator (your security mileage may vary).

The physical environment is clearly important.  This is actually part of the 
point that I was trying to make.  There are reasonable deployment 
approaches where an SDE-enabled bridge protects a physically protected LAN 
segment.  I am sure there are others ...

>If your answer is that SDE associations are always tunneled across networks
>then I have other technology today I can use - with much pain and manual
>configuration so it is not really adequate but its problems are tunneling
>problems.

I do not understand why a network operator would want the traffic to be 
protected on a hop-by-hop basis, where some of the hops are in boxes 
outside the physical control of the operator.  Bridges that are installed 
in the customer's physical space are my concern.  If the keys in that box 
can only be used to expose the customer's own traffic, then there is no 
motive to tamper with the box.  On the other hand, if keys in the box can 
expose a neighbor's traffic, then there is a motive to mess with the 
box.  To thwart this, physical protections must be placed in the box, which 
significantly increases the cost.

>I'd be interested in how you propose that an SDE bridge may be able to
>figure out what security associations are to be affected. In cases other
>than the SDE bridge being the edge bridge of the network I don't regard this
>as possible in bridge networks as currently defined.

You clearly know more about the spanning tree stuff than I do.  If you 
cannot figure it out, then I do not think I am going to find an insight 
that you missed.  However, we both seem to agree that it is not a big issue 
to SDE-enabled bridges at the edges.  Let's take advantage of that situation.

Russ