Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[LinkSec] Re: IETF PANA

To: Jim Burns <jeb@mtghouse.com>, <stds-802-1@ieee.org>, <stds-802-linksec@ieee.org>
Subject: [LinkSec] Re: IETF PANA
From: Alper Yegin <alper@docomolabs-usa.com>
Date: Thu, 17 Jul 2003 06:12:05 -0700
CC: Yoshihiro Ohba <yohba@tari.toshiba.com>, "Patil Basavaraj (NET/Dallas)" <Basavaraj.Patil@nokia.com>
In-Reply-To: <AJEHIOCKJEHEKEHOHOBKKEFODCAA.jeb@mtghouse.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org


Hi Jim,

Thank you for meeting us and passing PANA information to Linksec folks.
Just two quick notes...

> Hi Folks,
> I sat down with the IETF PANA lead, Alper Yegin as well as Yoshihiro Ohba

Basavaraj Patil (CC'ed) and I are the co-chairs of IETF PANA Working Group.

> and John Vollbrecht to discuss PANA.  There is some possibility that we can
> learn from each other and possibly find some places where our models/layers
> could exchange infomation.  At the very least, we should be able to share
> some problem definitions (probably best done by watching each other's email
> lists -- see below for details).
> 
> A very fast and simplistic synopsis of the meeting is:
> What are the differences between 802.1X and PANA?
> PANA runs over IP and 802.1X runs over ethernet.
> PANA will work for the operators who have a link layer that is not ethernet.
> This means that PANA passes its keying material on to IPSEC (while 802.1X

We didn't have a chance to talk about this. In theory, PANA can also key the
link-layer. We have detailed specification for IPsec, but since we are not
dealing with specific link-layers at IETF, we are not specifying how
link-layers can use these keys. Nevertheless, we are interested in exploring
the details, and maybe IEEE linksec experts can help with that.

> passes its on to 802.11i and perhaps 802.3 in the future).
> This means that PANA blocks at layer 3 -- blocking all but PANA packets
> (while 802.1X blocks at layer 2 all but eapol packets).

PANA should also be useful for enabling link-layer blocking. Currently we
are missing link-layer specific details though.


> 
> For those who are textually challenged and prefer pictures:
>                 EAP
> +----------------+---------------------+
> |                                      |
> 802.1X                                 PANA
> |                                      |
> ethernet                                IP
> 
> 
> The IEEE LinkSec info has been posted to the PANA site.
> 
> Please see the IETF PANA group information below:
>   To get on the IETF PANA email list:
>     To Subscribe: pana-request@research.telcordia.com
>     In Body: (un)subscribe
>     Archive:
> ftp://ftp.research.telcordia.com/pub/Group.archive/pana/archive
>   Let me know if you have any problems.
>   The IETF PANA home page is at:
>     http://www.ietf.org/html.charters/pana-charter.html
>   If you have trouble accessing it pleast let me know.
> 
> Sincerely,
> Jim B.

Best regards,

Alper Yegin

References:
- [LinkSec] IETF PANA
  - From: "Jim Burns" <jeb@mtghouse.com>

Prev by Date: [LinkSec] Toward a MACsec draft
Next by Date: [LinkSec] IETF PANA
Prev by thread: [LinkSec] IETF PANA
Next by thread: [LinkSec] RE: [802.1] P802.1ad Task Group ballot disposition
Index(es):
- Date
- Thread