
Re: [802.21] Security SG: Comments on TR contribution




Hello Marc,
Here are some comments on the Security TR draft: 

2.1.2  General Requirements

 

R.05 “It shall conduct an authentication during handover to a different media. That is, a transition to a different media shall be authorized based on an authentication”

 

<<This needs rewording. Authentication does not authorize a ‘transition’ to a different network.>>

 

2.2.1 Potential Approaches Matrix

 

Figure 5:

<<For the case of Intra-domain/Inter-technology EAP-EAP, an EAP pre-authentication based solution is also possible. It need not be limited to a Key hierarchy based solution. Likewise, a Key hierarchy based solution may also apply to Inter-domain cases. The solutions for Inter-domain cases are not clear yet, and need not be limited to EAP pre-authentication.>>

 

3. MIH Level Security

 

3.1.1 General Requirements

Under MIH based access control, “In some implementations the MN MIHF should be able to select the most well known IS MIHF among all available”

<<The term ‘well known’ is not clear. If ‘most trusted’ is what is meant here, then a reputation score needs to be assigned to IS MIHF based on previous transactions.>>

 

3.1.3.1  Assumptions

 

A1.5 “The MN trusts the validity of the services based on the use of standard MIH services”

<<This needs rewording. It is not clear what is meant by this statement.>>

 

3.1.6 Use Case 4

“The MN is located in either the visited or in the home network, and the PoS is located in a 3rd party network”.

<<Even before thinking of security issues for this use case, we need to think whether this is a realistic scenario. How or why would an untrusted 3rd party network provide mobility services to a MN in its home/visited network? There is no assumption that network specific information is shared between the 3rd party network and the home/visited network.>>

 

3.1.7 Use case 5

“The MN is accessing the IS while the MN is not unauthenticated to the network”

<<Reword to: The MN is accessing the IS while the MN is not authenticated to the network>>

 

 

 Rahul Sinha
Samsung Electronics
 

------- Original Message -------
Sender : Meylemans, Marc<Marc.Meylemans@INTEL.COM>
Date   : Jan 09, 2008 15:01 (GMT+09:00)
Title  : Re: [802.21] Security SG: Reminder for TR contribution

All,

I posted rev 0.4 of the MIH Security Technical Report on the new
document control website.
I incorporated Michael's and Maryna's contribution on MIH level security
(21-08-0011-00-0Sec-MIH_Service_Security.doc) in Section 3 (and Annex B)
of the TR.

Please review and provide feedback.

Thanks,
-Marc Meylemans

-----Original Message-----
From: Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM] 
Sent: Tuesday, January 08, 2008 5:41 AM
To: STDS-802-21@LISTSERV.IEEE.ORG
Subject: Re: [802.21] Security SG: Reminder for TR contribution

Upon a request of Editor, the deadline is extended to today (Jan 8),
AOE.

Best Regards,
Yoshihiro Ohba

On Fri, Jan 04, 2008 at 09:45:42AM -0500, Yoshihiro Ohba wrote:
> Submission Deadline is January 7, 2008, AOE (Anywhere on Earth).

> After the deadline, I'll submit agenda for Security SG meeting in Taipei.

> Yoshihiro Ohba




 
 
Rahul Sinha, Ph. D
Senior Engineer,
Samsung Electronics