Date: Sun, 1 Oct 1995 20:52:25 -0500
From: lidinsky@hep.net (Bill Lidinsky)
To: p8021@hepnet.hep.net
Subject: VLAN use of SDE

I just read this email from Russ Housley to Don Loughry. It bears on
the 802.1 interim meeting.

+-------------------------------------------------------------+
| Bill Lidinsky                    802.1 Chair                |
|                                                             |
| Internet: lidinsky@hep.net       M/S 368 FCC3E              |
| Internet: lidinsky@fnal.gov      HEPNRC at Fermilab         |
| Bitnet:   lidinsky@fnal          P.O. Box 500               |
| DECnet:   fnal::lidinsky         Batavia, IL 60510          |
| +1 708 840-8067 (phone)          USA                        |
| +1 708 840-8463 (fax)            (for parcels:              |
|                                   Kirk Rd. & Pine St.)      |
+-------------------------------------------------------------+

----- Begin Included Message -----

Date: Thu, 14 Sep 95 14:37:32
From: "Housley, Russ"
To: don_loughry@hp6600.desk.hp.com
Cc: 802exec@nic.hep.net, tpike@ub.com, mmcnealis@cisco.com,
    sils@orion.ncsc.mil
Subject: VLAN use of SDE

Don:

At the Hawaii Plenary meeting, Martin McNealis presented a tutorial on
VLANs. The presentation recommended the use of SDE (IEEE Std
802.10b-1992) for traffic segmentation. This note provides a response
from the IEEE 802.10 Working Group on that presentation.

We completely agree with the tutorial presenter that SDE is well suited
to provide traffic segmentation. In fact, SDE was designed to provide
cryptographic separation of traffic. The IEEE 802.10 Working Group
encourages the use of SDE in this manner.

However, SDE must provide confidentiality, integrity, or both
confidentiality and integrity. The SDE standard documents this
requirement in clause 2.7.4. The tutorial presentation does not include
the use of cryptographic mechanisms to provide these security services,
and to use SDE such an addition is necessary.

We encourage the use of SDE with cryptographic security mechanisms to
implement VLANs. Further, we will gladly work with the IEEE 802.1
Working Group to select appropriate cryptographic mechanisms for the
VLAN application.

Thanks,
Russ

----- End Included Message -----