RE: [RPRWG] FW: [EFM-P2MP] RE: [EFM] P2MP Call Notes / Security
Hi Devendra,
I do understand that higher levels have the option of securing the data packets, but I do not agree that the lower layers should not support security. SSL exists above layer 4 and then there is IPSec which is lower SSL and was still defined. Anyway, it is pointless to go over them. Neither IEEE nor OSI have a formal security layer defined from my knowledge. It is our perception as to where security would sit.
It would be nice to hear from vendors who are also hear in the reflector and who will be deploying product over EPON, RPR, etc whether a unsecure, shared medium is acceptable for service delivery. I would think that doing security at the MAC layer would not be that complex. On the contrary since MAC layer is the lowest layer with with semantic knowledge a proper security for integrity would make the most sense.
Ain't it ?
Thanks
SG
*********** REPLY SEPARATOR ***********
On 8/15/2002 at 6:48 PM Devendra Tripathi wrote:
>Hi Sukanta,
>
>It is not a question of being bad but in-efficient.
>
>The layering by IEEE or OSI was done to handle various functions at various
>layers. Following that there is no duplication of the function. Please keep
>in mind that all application layer security proptocols like SSL and then so
>many of them coming at XML level are all going to be there anyway. If every
>layer starts doing this job, then there is too much redundancy.
>
>The MAC is supposed to make sure that error free packets are sent and
>received to and from MAC addresses within certain time bounds. If someone
>is
>tapping the wire and collects the bits, and if that is an issue, it has to
>be sorted at highier layer. I do not care if this e-mail data is seen by
>anyone whether it goes via LAN or WAN RPR or Ethernet. If I do, I will make
>sure to use an application which will cause the address and/or content
>encrypted and may be authenticated.
>
>
>Regards,
>Devendra.
>
>> -----Original Message-----
>> From: Sukanta Ganguly [mailto:sganguly@xxxxxxxxxxxxxxxxxx]
>> Sent: Wednesday, August 14, 2002 6:30 PM
>> To: Devendra Tripathi; Mike Takefman; Romascanu, Dan (Dan)
>> Cc: stds-802-17@xxxxxxxx; Jonathan.Thatcher@xxxxxxxxxxxxxxxxxxxx
>> Subject: RE: [RPRWG] FW: [EFM-P2MP] RE: [EFM] P2MP Call Notes / Security
>>
>>
>> Devendra,
>> I am not sure why we are considering security in the MAC layer
>> to be so bad. After all the MAC layer possess a lot of semantics
>> of the protocol and not just bits and bytes. Proper packets are
>> being prepared/altered/doctored, etc at the MAC layer. It should
>> provide security for the semantics at that layer for integrity.
>> Don't you agree with that?
>>
>>
>> Thanks
>> SG
>>
>> *********** REPLY SEPARATOR ***********
>>
>> On 8/15/2002 at 3:49 PM Devendra Tripathi wrote:
>>
>> >>
>> >> Really personal opinion:
>> >> In the end, I must admit that I believe that the MAC
>> >> should not add encryption. Encryption is a user
>> >> problem, and with technology advancing at the pace it
>> >> does, companies and individuals who are really concerned
>> >> with privacy will always encrypt themselves anyay.
>> >
>> >
>> >Agreed. The last thing we want is to bring encryption which is a
>> >session/presentation layer thing onto MAC or data link layer.
>> >
>> >Regards,
>> >Devendra.
>> >
>> >---
>> >[This E-mail scanned for viruses by Declude Virus]
>>
>>
>>
>> ---
>> [This E-mail scanned for viruses by Declude Virus]
>>
>>
>
>---
>[This E-mail scanned for viruses by Declude Virus]