RE: [LinkSec] Failure of probe mechanisms to scale
Mick:
>The point is that some changes in the core of the network will see a lot of
>changes. My focus is on securing these links as well, not just those at the
>edge of the net. I don't want a separate, not-to-be-specified mechanism to
>cover these core links. If SDE-enabled bridges are in front of protected
>networks, what is protecting the internals of these networks? These
>networks often have their fiber routed through patch panels not under the
>direct physical lock and key of the network provider but of the colo
>operator (your security mileage may vary).
The physical environment is clearly important. This is actually part of the
point that I was trying to make. There are reasonable deployment
approaches where an SDE-enabled bridge protects a physically protected LAN
segment. I am sure there are others ...
>If your answer is that SDE associations are always tunneled across networks
>then I have other technology today I can use - with much pain and manual
>configuration so it is not really adequate but its problems are tunneling
>problems.
I do not understand why a network operator would want the traffic to be
protected on a hop-by-hop basis, where some of the hops are in boxes
outside the physical control of the operator. Bridges that are installed
in the customer's physical space are my concern. If the keys in that box
can only be used to expose the customer's own traffic, then there is no
motive to tamper with the box. On the other hand, if keys in the box can
expose a neighbor's traffic, then there is a motive to mess with the
box. To thwart this, physical protections must be placed in the box, which
significantly increases the cost.
>I'd be interested in how you propose that an SDE bridge may be able to
>figure out what security associations are to be affected. In cases other
>than the SDE bridge being the edge bridge of the network I don't regard this
>as possible in bridge networks as currently defined.
You clearly know more about the spanning tree stuff than I do. If you
cannot figure it out, then I do not think I am going to find an insight
that you missed. However, we both seem to agree that it is not a big issue
for SDE-enabled bridges at the edges. Let's take advantage of that situation.
Russ