2013-02-security-tg-minutes.txt

Minutes of the 802.1 Security Task Group Interim Meeting, Austin TX, 12-14th February 2013
------------------------------------------------------------------------------------------

The Security Task Group met Tuesday 12th (a.m. & p.m.), Wednesday 13th (a.m. & p.m.), Thursday 14th (a.m.).

Thanks to James McIntosh (Vitesse) for hosting the meeting.

Attendees:
  Mick Seaman, Chair
  Brian Weis
  Karen Randall
  Dan Harkins (by teleconference, for SC6 discussion)

1. Patent Policy

The chair showed the patent policy slides and issued the call for notification of essential patents at the start of each day's meetings. There were no responses at this time. On each occasion the TG chair noted that the patent policy slides could be found in the opening plenary slides (pointer distributed to the 802.1 email list by the 802.1 WG chair) if attendees wished to study them further, and that notifications of essential patents could be made to either the TG or WG chair at any time.

2. Agenda items

The chair mentioned that RevCom had recently approved IEEE Std 802.1AEbw, that he had been working with the IEEE editors on the final text (incorporating latest boilerplate, review for current style guidelines etc.) and that he expected it to be published shortly.

Items for the agenda had been discussed in the Tuesday 29th January teleconference (minutes previously circulated to the 802.1 email exploder).

- P802.1Xbx
- the recent SC6 pre-ballots under the PSDO on 802.1X and 802.1AE (both passed), the China NB member comments, and the response to 6N15523 drafted by Dan Harkins
- the 'MACsec hops' note and related guidance (an updated version has since been uploaded)

The following were also discussed:

- Future TG meetings

3. P802.1Xbx

The group continued to discuss the MKA suspension issues raised by Brian Weis and discussed in the January teleconference.

Mick Seaman proposed focusing on the CP state machine and the very slight change required to ensure continued operation with an existing key even if the Key Server changed. The existing implied guarantees provided by liveness were discussed, together with the adequacy (or lack of it) of continued data traffic as an indication of participant presence and interest in the current key while MKA operation is suspended.

Mick would produce a further draft attempting a best shot at a converged view for further discussion at a (to be scheduled) teleconference. The goal would be to conduct a task group ballot (at least) prior to the July 802.1 meeting.

4. SC6 PSDO progression of 802.1X and 802.1AE

Dan presented his draft proposed response to 6N15523 - "A Comparative Analysis of TePA/KA4 and IEEE 802.1X Security". The target for the response would be the June 2013 meeting of SC6. Dan undertook to update the document. Presumed next steps would include review at the 802 SC6 ad hoc series of meetings.

The China NB comments on the SC6 PSDO pre-ballot of 802.1X and 802.1AE were discussed. Mick undertook to provide an initial response using Brian's notes of the discussion [response text is now being considered and revised by 802 SC6 ad hoc].

5. MACsec hops

Karen said that she had found the document helpful. It was agreed that 'hop-specific' would be a better term than 'hop-by-hop'. The threats discussion should give more prominence to confidentiality, bearing in mind the importance of HTTPS traffic (secured above layer 3). Mick will produce a further version.

6. Future TG meetings

There would not be a TG meeting at the March plenary or May 802.1 interim. Mick and Karen proposed to attend the July 2013 plenary (Geneva) and the September 2013 interim (York).