
Re: [802.21] Security SG: Scope issues (MIH-level Security)



On Fri, Dec 21, 2007 at 05:17:18PM -0500, Lily Chen wrote:
> Yoshi:
> 
> I thought about your question.  MIH level security implies two aspects 
> (1) entity authentication (and keys); (2) protection (encryption, 
> integrity protection).

In general (1) and (2) are tightly coupled.  

> 
> Whether the protection can be achieved through transport level 
> security depends on whether we can de-couple the protection from 
> authentication (and keys). If the protection is applied through 
> IPsec, the tunnel is established through IKE (mutual authentication by 
> signature with PKI), will this tunnel be dedicated to MIH?

In the 802.11u use case (Annex H.8 of 802.21 D8.0), the tunnel would
be established between AP and IS server instead of between MN and IS
server (so MIH endpoints and transport endpoints are not the same).
In this case, the tunnel may be shared by multiple MNs, and transport
level security does not provide MIH-MIH authentication or MIH-MIH
protection.

Yoshihiro Ohba


> 
> Authentication and key establishment are based on MIH trust model. 
> Transport level protection may not.
> 
> The question is coupling or de-coupling (1) and (2).
> 
> Lily
> 
> 
> 
> 
> At 04:29 PM 12/18/2007, Yoshihiro Ohba wrote:
> >We had good discussion on scope issues on SSOH (Security Signaling
> >Optimization during Handover) problem.
> >
> >Let me start another thread to discuss scope issues on another
> >security-related problem, i.e., MIH-level security mechanisms (MIHS).
> >
> >Since MIHS has not been discussed much, we need more discussion so
> >that we can formulate the MIHS part of the PAR before the January meeting.
> >
> >Please state your opinion on the following issue by December 21 (Fri),
> >2007.
> >
> >Issue: What are the use cases that require MIH-level security instead
> >of transport-level security?
> >
> >Best Regards,
> >Yoshihiro Ohba