
RE: [LinkSec] Cascading Link by Link Authentication?

This is one application of .1X which has been talked about for a long time
in .1. There are echoes of this in .1ad (Provider Bridges), but since these
are just sideways references at the moment anyone who had not participated
in these discussions so far could be forgiven for not getting it. Actually
the use of a 'security' framework goes further in .1ad, a network operator
can avoid a whole class of wiring errors in cross connects and automatically
identify the difference between internal connections and connections that go
out of the net to customers (in addition obviously what customer).

So far the models I have studied in detail for this sort of net all have the
property that each system keeps trying for connectivity and that works, no
master scheduling is required.

Mick

-----Original Message-----
From: owner-stds-802-linksec@majordomo.ieee.org
[mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf Of Johnston,
Dj
Sent: Monday, May 19, 2003 3:02 PM
To: stds-802-linksec@ieee.org
Subject: [LinkSec] Cascading Link by Link Authentication?

I have been wondering if the following is true for the sort of linksec
we have been talking about..

There is a bridged 802 network.
Somewhere, on one of the bridges is an authentication agent.
We decline to send data via untrusted bridges.
Bridges become trusted by talking to the authentication agent.
So in the first instance, only the bridges attached to the link on which
the authentication agent can form the necessary trust relationships by
talking to the authentication agent directly.
Then the bridges attached to the links on which those trusted bridges
can do the auth thing by talking through the trusted bridges. And so on.

So authentication of bridges would have to happen in a cascading fashion
through the network. This might have a bearing on the time to
reestablish the trustworthiness of bridges, depending on where in the
hierarchy a change in the network state took place.

DJ

David Johnston
Intel Corporation
Chair, IEEE 802 Handoff ECSG

Email : dj.johnston@intel.com
Tel   : 503 380 5578 (Mobile)
Tel   : 503 264 3855 (Office)
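The cascade DJ describes, as an added round-by-round simulation that is not part of the thread: bridges are nodes, links are edges, the authentication agent sits on one bridge (here "A", a constructed sample), and a bridge becomes trusted only by reaching the agent through an already-trusted neighbour. It also shows what Mick's "each system keeps trying" amounts to, and how a failure deep versus shallow in the hierarchy changes the recovery time; the assumption that trust held by unaffected bridges persists during an outage is mine.

```python
# Constructed sample bridged network; the authentication agent is on "A".
TOPOLOGY = {
    "A": ["B", "C"],
    "B": ["A", "D"],
    "C": ["A", "D"],
    "D": ["B", "C", "E"],
    "E": ["D", "F"],
    "F": ["E"],
}

def cascade_rounds(topology, agent, failed=frozenset(), initially_trusted=()):
    """Return {bridge: round in which it became trusted}.

    Round 0: the agent's own bridge plus any bridge in initially_trusted.
    Each later round every untrusted, working bridge attached to a trusted
    bridge reaches the agent through it and becomes trusted (no master
    scheduling; each bridge simply retries every round). Bridges with no
    path over trusted bridges never appear: data is not sent via untrusted
    bridges, so they cannot reach the agent at all.
    """
    trusted = {b: 0 for b in initially_trusted if b not in failed}
    if agent not in failed:
        trusted[agent] = 0
    rnd = 0
    while True:
        rnd += 1
        newly = [b for b in topology
                 if b not in trusted and b not in failed
                 and any(n in trusted for n in topology[b])]
        if not newly:
            return trusted
        for b in newly:
            trusted[b] = rnd

def bridges_losing_trust(topology, agent, failed_bridge):
    """Bridges (other than the failed one) whose only trusted paths to the
    agent ran through failed_bridge, so they can no longer re-authenticate."""
    before = cascade_rounds(topology, agent)
    after = cascade_rounds(topology, agent, failed={failed_bridge})
    return set(before) - set(after) - {failed_bridge}

def recovery_rounds(topology, agent, failed_bridge):
    """Rounds needed to re-establish trust everywhere once failed_bridge
    returns, assuming the bridges that kept trust during the outage keep it."""
    survivors = cascade_rounds(topology, agent, failed={failed_bridge})
    restored = cascade_rounds(topology, agent, initially_trusted=survivors)
    return max(restored.values())

if __name__ == "__main__":
    print(cascade_rounds(TOPOLOGY, "A"))  # cold start: F is trusted in round 4
    for b in "BDF":  # a failure near the agent vs. deep in the hierarchy
        print(b, bridges_losing_trust(TOPOLOGY, "A", b),
              recovery_rounds(TOPOLOGY, "A", b))
```

Losing "D" strands "E" and "F" and costs three rounds to recover, while losing "B" or "F" strands nothing and recovers in one; that is the hierarchy-position dependence DJ asks about.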