
[LinkSec] RE: Reminder: linksec call on Tuesday at 2:00pm ET




My thinking, that will probably be the substance of my contribution on
Tuesday is to try to answer the question "How long is the PN?".

We have to cover a range of speeds arguably 10kbps through to 100Gbps
today, and those bounds can be expected to move outwards in the future.

Large PNs (say 64 bits with a non birthday attack susceptible mode)
represent transmission overhead. Small PNs equate to rapid rekeying,
and if this requires a lot of backhaul AAA type interaction, the
per-rekeying effort may be high.

So the short answer is that there is no PN length that is optimal for
all cases.

We have options:
1) Pick a number, live with it and suffer the consequences (maybe poor
adoption)
2) PN length negotiation. See Rogaway's NIST submissions for why this
might be a bad idea.
3) Fixed technology to PN length mapping (.3 gets 64, .11 gets 48 bits,
.15.4 gets 32 etc) might work, but the PHY rate of those technologies
changes with time and how do we cope with provider bridges that have
different technologies at either end?
4) Elastic PN. Encode the PN with a delimiter so its length can vary.
Smaller numbers take less space. Rekey when you don't like the size of
the PN. This sounds complex (at least in terms of MAC design) and might
have some subtle security failure I haven't appreciated.
5) Others?

If I have a proposed solution by Tuesday, you will see it. If not, then
you will only have problems to show.

DJ

David Johnston
Intel Corporation
Chair, IEEE 802 Handoff ECSG

Email : dj.johnston@intel.com
Tel   : 503 380 5578 (Mobile)
Tel   : 503 264 3855 (Office)

> -----Original Message-----
> From: Dolors Sala [mailto:dolors@ieee.org] 
> Sent: Sunday, September 14, 2003 6:58 AM
> To: LinkSec
> Cc: Johnston, Dj; Marcus Leech
> Subject: Reminder: linksec call on Tuesday at 2:00pm ET
> 
> 
> This week we will discuss MACsec header formats. Marcus Leech already
> sent a preliminary proposal for discussion to the reflector. See the
> message below and subsequent discussion:
> 
http://www.ieee802.org/linksec/email/msg00614.html

David Johnston will send some additional material in advance.

Call in details included below.

Dolors

---

Call in details:

Date/Time: Tuesday, 2:00pm ET
Toll Free: (800) 486-2726
Dialer Paid: (201) 368-8643
Participant Code: 535172

Bridge sponsor: Dan Romascanu, dromasca@avaya.com
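
The trade-off in the message above between PN length and rekey frequency can be put in numbers. The following is an added example, not part of the original e-mail thread: it computes how long a PN of a given width lasts at a given link rate, and the smallest width that meets a target rekey interval. It assumes one PN per frame and a worst case of back-to-back minimum-size Ethernet frames (64 bytes plus 20 bytes of preamble and inter-frame gap); the function names are hypothetical.

```python
# Added example: PN exhaustion time versus link rate.
# Assumption (not from the message): worst case is back-to-back minimum-size
# Ethernet frames, 64 bytes plus 20 bytes of preamble and inter-frame gap,
# and each frame consumes exactly one PN value.
MIN_FRAME_WIRE_BITS = (64 + 20) * 8  # 672 bits on the wire per frame

# The two speed bounds and the three PN widths named in the message.
LINK_RATES_BPS = {"10 kbps": 10_000, "100 Gbps": 100_000_000_000}
PN_WIDTHS = (32, 48, 64)


def seconds_to_exhaust(pn_bits, rate_bps, frame_bits=MIN_FRAME_WIRE_BITS):
    """Seconds until a pn_bits-wide counter runs out and a rekey is forced."""
    frames_per_second = rate_bps / frame_bits
    return (2 ** pn_bits) / frames_per_second


def min_pn_bits(rate_bps, rekey_interval_s, frame_bits=MIN_FRAME_WIRE_BITS):
    """Smallest PN width that lasts at least rekey_interval_s at line rate.

    Integer arithmetic avoids floating-point rounding at the power-of-two edge.
    """
    # Ceiling of the number of frames sent during the interval.
    frames = -(-rate_bps * rekey_interval_s // frame_bits)
    # Smallest n with 2**n >= frames.
    return max(1, (frames - 1).bit_length())


def exhaustion_table():
    """Map (rate label, PN width) to seconds until the PN space is used up."""
    return {
        (label, bits): seconds_to_exhaust(bits, rate)
        for label, rate in LINK_RATES_BPS.items()
        for bits in PN_WIDTHS
    }


if __name__ == "__main__":
    for (label, bits), secs in exhaustion_table().items():
        print(f"{label:>8}  PN={bits:2d} bits  lasts {secs:.3e} s "
              f"({secs / 86400:.3e} days)")
    for label, rate in LINK_RATES_BPS.items():
        print(f"{label:>8}  needs {min_pn_bits(rate, 86400)} bits "
              f"to rekey at most once a day")
```

Under these assumptions a 32-bit PN is used up in under 30 seconds at 100 Gbps but lasts years at 10 kbps, which is the spread behind the statement that no single PN length is optimal for all cases.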