
RE: [LinkSec] Cascading Link by Link Authentication?





Rene,

This basic model is capable of considerable refinement. Two bridges agreeing
to send traffic between them don't have to agree on who the authentication
server is; moreover, they can limit the traffic accepted to meet their own
firewall policy/accessible VLAN guidelines.

The authentication exchange happens 'through' the trusted bridges to the
authentication server, that is to say the authentication dialogue itself is
not designed to be attackable by compromised links, though of course any
compromised link can be used to snoop on or inject data into the network up
to the limits of the foregoing para.

Mick
-----Original Message-----
From: owner-stds-802-linksec@majordomo.ieee.org
[mailto:owner-stds-802-linksec@majordomo.ieee.org] On Behalf Of Rene Struik
Sent: Tuesday, May 20, 2003 7:05 AM
To: Johnston, Dj
Cc: stds-802-linksec@ieee.org
Subject: Re: [LinkSec] Cascading Link by Link Authentication?



Dear DJ:

The trust model that is underlying your operational description is one with
- complete trust in the authentication server
- full transitivity of trust: if A trusts B and B trusts C, then A trusts C.

From my perspective, this trust model is very inflexible and often
unworkable.
This trust model falls apart in the event one of the links is
untrusted/untrustworthy or becomes so.

Rene




"Johnston, Dj" <dj.johnston@intel.com> on 05/19/2003 06:01:57 PM

To:   stds-802-linksec@ieee.org
cc:    (bcc: Rene Struik/Certicom)
Subject:  [LinkSec] Cascading Link by Link Authentication?





I have been wondering if the following is true for the sort of linksec
we have been talking about..

There is a bridged 802 network.
Somewhere, on one of the bridges is an authentication agent.
We decline to send data via untrusted bridges.
Bridges become trusted by talking to the authentication agent.
So in the first instance, only the bridges attached to the link on which
the authentication agent is can form the necessary trust relationships by
talking to the authentication agent directly.
Then the bridges attached to the links on which those trusted bridges are
can do the auth thing by talking through the trusted bridges. And so on.

So authentication of bridges would have to happen in a cascading fashion
through the network. This might have a bearing on the time to
reestablish the trustworthiness of bridges, depending on where in the
hierarchy a change in the network state took place.

DJ

David Johnston
Intel Corporation
Chair, IEEE 802 Handoff ECSG

Email : dj.johnston@intel.com
Tel   : 503 380 5578 (Mobile)
Tel   : 503 264 3855 (Office)
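The cascade DJ describes, and the untrusted-link case Rene raises, as an added example that is not part of this thread: a small Python model of a bridged network in which trust spreads outward in rounds from the bridge hosting the authentication agent, and in which a link that becomes untrusted strands every bridge whose only paths to the agent cross it. The topology, the bridge names and the round-counting rule are my own assumptions for illustration; nothing in the thread specifies them.

```python
"""Toy model of cascading link-by-link bridge authentication (added example)."""
from collections import deque

# Constructed sample topology (an assumption for illustration, not from the
# thread): bridges are nodes, links are undirected edges, AGENT is the bridge
# that hosts the authentication agent.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("B", "E"), ("E", "F"), ("A", "G")]
AGENT = "A"


def adjacency(links, blocked=frozenset()):
    """Build an undirected adjacency map, leaving out any link in `blocked`."""
    adj = {}
    for a, b in links:
        if frozenset((a, b)) in blocked:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def cascade_trust(links, agent, blocked=frozenset()):
    """Return {bridge: round} for every bridge that can become trusted.

    Round 0 is the bridge hosting the agent. A bridge is trusted in round r+1
    if it shares a link with a bridge trusted in round r, i.e. it can reach the
    agent by talking only through already-trusted bridges (DJ's cascade).
    Bridges missing from the result can never authenticate: every path to the
    agent crosses a blocked (untrusted) link, which is Rene's objection.
    """
    adj = adjacency(links, blocked)
    rounds = {agent: 0}
    frontier = deque([agent])
    while frontier:
        here = frontier.popleft()
        for nxt in sorted(adj.get(here, ())):
            if nxt not in rounds:
                rounds[nxt] = rounds[here] + 1
                frontier.append(nxt)
    return rounds


def link_change_impact(links, agent, link):
    """Model `link` becoming untrusted and later being restored.

    Returns (lost, rounds_to_reestablish):
      lost  - bridges that lose trust while the link is untrusted, because all
              of their paths to the agent cross it;
      rounds_to_reestablish - cascade rounds needed to re-trust them once the
              link is back, counted from the still-trusted end of the link
              (assumed rule: each round re-authenticates one hop further out).
    """
    full = cascade_trust(links, agent)
    degraded = cascade_trust(links, agent, blocked={frozenset(link)})
    lost = sorted(b for b in full if b not in degraded)
    if not lost:
        return lost, 0
    # The shallower end of a cut link keeps a path to the agent that does not
    # use the link, so it is always still present in `degraded`.
    upstream = min(full[end] for end in link if end in degraded)
    return lost, max(full[b] for b in lost) - upstream


if __name__ == "__main__":
    print("cascade rounds:", cascade_trust(LINKS, AGENT))
    # A change far from the agent strands little and recovers in one round; a
    # change next to the agent strands most of the network and takes longest.
    for link in [("C", "D"), ("B", "C"), ("A", "B")]:
        print(link, "->", link_change_impact(LINKS, AGENT, link))
    # With a redundant link G-E (also constructed) nothing is stranded by the
    # loss of A-B: what is lost depends on the topology, not on the cascade.
    print(("A", "B"), "with G-E ->",
          link_change_impact(LINKS + [("G", "E")], AGENT, ("A", "B")))
```

Running it shows the cost DJ anticipates: cutting C-D strands only D (one round to recover), cutting B-C strands C and D (two rounds), and cutting A-B strands B, C, D, E and F (three rounds). The stranded set is exactly what Rene's transitivity concern amounts to in this model: a bridge beyond an untrusted link has no trusted path over which to run the authentication exchange at all.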