Re: [LinkSec] LinkSec 80-2.1AE Teleconference notes 9/16/03
Russ, sorry, some of this should have been edited out as it's incomplete,
see below.
I've written what I thought the speakers meant, but if they would clarify
it would be better--
Allyn
At 11:08 AM 9/20/2003 -0400, Russ Housley wrote:
>I do not understand these paragraphs. Please explain.
>
>Russ
>
>At 11:14 PM 9/19/2003 -0700, allyn romanow wrote:
>>Isn't key management policy outside of scope? Yes but need to define
>>a security assoc that presupposes a key update mechanism
I think this makes sense and refers to the fact that there are/will be
multiple efforts under "linksec"- one is MACsec, the protocol definition,
which does not do key management. I took this comment to mean that the
general work of linksec includes key management, though MACsec doesn't.
The person who said it could clarify further--
>>.10 problem was that it allowed non interoperable
sorry, incomplete notes
>>Don't want to end up with the requirement that you would have to tell,
>>or know what kind of bridge station is on
I think this meant that the person felt that knowing whether a packet is
going through a provider bridge or not, should not be knowledge that is
required to make the security protocol work
>>.10 fragmentation shouldn't be followed, allows arbitrary fragmentation
I think the person who said this feels that 802.10 allows an arbitrary
amount of fragmentation, in this case, more than fragmentation into two
segments, and that he feels that he does not want LinkSec to do
fragmentation in the same way that 802.10 did.