RE: [802.21] Security SG: Scope issues (MIH-level Security)
I agree that the study group should include within the scope of the PAR, the requirements on where transport security must be applied and recommend at least one set of transport security protocols and their settings (authentication, encryption, etc.). Including this would address system level security and interoperability.
However, if the question is when security should be applied at the application (MIH) level rather than at the transport level, I struggle to identify any case. Transport level security is probably sufficient to protect MIH messaging, even authentication.
Maybe, optional additional integrity can be placed on some information elements by signing. E.g. The MIH agent could sign information it collects such as location and battery level.
Regards,
Ron
> -----Original Message-----
> From: Clint Chaplin [mailto:clint.chaplin@GMAIL.COM]
> Sent: Tuesday, December 18, 2007 6:17 PM
> To: STDS-802-21@LISTSERV.IEEE.ORG
> Subject: Re: [802.21] Security SG: Scope issues (MIH-level Security)
>
> MIH-MIH authentication.
>
> On 12/18/07, Yoshihiro Ohba <yohba@tari.toshiba.com> wrote:
> > We had good discussion on scope issues on SSOH (Security Signaling
> > Optimization during Handover) problem.
> >
> > Let me start another thread to discuss scope issues on another
> > security-related problem, i.e., MIH-level security mechanisms (MIHS).
> >
> > Since MIHS has not been discussed much, we need more discussion so
> > that we can formulate MIHS part of PAR before January meeting.
> >
> > Please state your opinion on the following issue by December 21 (Fri),
> > 2007.
> >
> > Issue: What are the use cases that require MIH-level security instead
> > of transport-level security?
> >
> > Best Regards,
> > Yoshihiro Ohba
> >
>
>
> --
> Clint (JOATMON) Chaplin
> Principal Engineer
> Corporate Standardization (US)
> SISA