
[LinkSec] Notes from Teleconference 7/8/03





7/8/03 IEEE 802.1 LinkSec Teleconf
Dolors Sala, chair, dolors@ieee.org
Allyn Romanow, notes, allyn@cisco.com

Attendees:
Bob Moskowitz, David Johnston, Allyn Romanow, Dolors Sala, Norm Finn

Summary: Bob Moskowitz's architecture slides were discussed. Teleconference 
next week will continue discussing his slides.
------------------

Update on Handoff study group from Dave - come up with PAR at next
interim after the plenary. Plenary is for discussion. Interim in Denver
co-located with 802.16 Sept. 8-12.

No news on LinkSec interim either place or date
EFM 9/15-19
We will meet week of the 8th or 22nd
Norm has conflict Monday, Tuesday week of the 8th
.16 and Handoff are the week before, Monday - Thurs
Tony has conflict with the week of the 22nd
Friday the week of the 22nd is a religious holiday

Bob's slides - he tried to capture comments from the interim meeting
and fill out content

Provider view of protection is primary motivation for LinkSec
First slide - "except across provider bridges" - meaning not clear

Network Definition slide-
authentication servers are L3, not clear in slides

3 views of LinkSec - provider, subscriber, peer view

Please think of the peer view, does it make sense?
In 802.11, authentication is wrong in ad hoc mode, because of race conditions
two parties authenticate - problematic
Peer view is important for us to consider
One more model, do we want to tackle? Multiple subscribers hubbed to
one bridge, physical port that has the authenticator, want to set up a way
for the subscribers to speak to each other securely, if included in the
shared medium. What if there are two authenticators?
Two bridges, station doesn't know which bridge is handling its traffic
More general n peers, m authenticating devices
m=2 is adequate to consider, practically, economically
802.11e side channel, two peers can talk directly to each other, to save on 
performance
A general solution may be worth specifying - 802.11 is solving problem in a
specific way
802.11 may be special
In wired case, allow end stations to perform a peer instantiation

Business driven requirements
provider centric
Bob feels LinkSec is only for provider
but application in enterprise
but enterprise is a provider
What does he define as a provider? He doesn't mean only a L2 metro
service provider, means provider as distinct from users
authentication also detects miswiring

Requirements details
confidentiality of data frames
management frames - integrity, not much point in making them secret

Sean Gorman - slashdot, thesis, traced the whole internet

Next week - Discussion of Bob's slides and anything else that may come up