Minutes of IPSEC 25th IETF




Notes from the IPSEC BOF 11-17-92

Hosted by Steve Crocker, TIS & Al Hoover, ANS CO+RE Systems, Inc.

Presentation: Network Security for Internet Protocols

Paul A. Lambert, Motorola, Inc.
Secure Telecommunications Strategic Business Unit
8220 E. Roosevelt Rd.
Scottsdale, AZ
(602) 441-3646
Paul_Lambert@email.mot.com

Paul's presentation started out with an overview of "What is Network
Security", including an explanation of ISO 7498-2, which defines security
services for Authentication, Access Control, Integrity, Confidentiality
and Non-repudiation, and mention of other security mechanisms (Physical
isolation, Audit trails and Trusted Functionality).

Paul presented a slide entitled Threats, which provided the definition "A threat is a
potential violation of security" and identified the following categories:
Masquerade/Impersonation, Unauthorized behavior and access, Leakage of
information, Integrity threats including: Modification of information,
Message sequencing (Replay, Pre-play, Delay), Repudiation (Denial of
origin, Denial of delivery) and Denial of Service.  

Paul then presented a series of slides covering authentication mechanisms
including: passwords, PINs, biometrics, symmetric cryptography (e.g. DES
based message authentication codes), asymmetric cryptography (e.g. X.509
public key based authentication) and implicit authentication (physical
connectivity).  

Paul presented an overview of security in the OSI reference model with
discussion of X.509, X.411 and a focus on NLSP and TLSP. Paul gave a
detailed presentation on Network Layer Security Protocol Model (NLSP)
and contrasted it to Transport Layer Security Protocol Model (TLSP)
including stack diagrams.  Paul then presented an overview on IEEE 802.10
Standard for Secure Interoperable LAN Security (SILS) and Secure Data
Exchange (SDE).

Next, Paul presented a slide which summarized the applicable security
standards: ISO/IEC DIS 11577 Network Layer Security Protocol and ISO/IEC
DIS 10736 Transport Layer Security Protocol.

Paul also provided copies of the following publications as handouts:

ISO/IEC JTC1/SC6 Project: 1.06.49 DTR Ballot Text of the Second Edition
of ISO/IEC TR 9577:1990 - Information Technology - Telecommunications
and Information Exchange Between Systems - Protocol Identification in
the Network Layer.

ISO/IEC JTC1/SC6 Project: 1.06.59 Information Technology -
Telecommunications and Information Exchange Between Systems -
Network Layer Security Protocol.

ISO/IEC JTC1/SC6 Project: 1.06.35.06, 1.06.59 and 1.06.60 - FOR
COMMENTS - Third Working Draft Text for Lower Layers Security
Guidelines.

Layer Wars: Protect the Internet with Network Layer Security - Author,
Paul Lambert, Motorola, Inc., Secure Telecommunications.

Corrections were announced to the IPSEC mailing list and archive as
follows:

ipsec@ans.net - posting to mailing list

ipsec-request@ans.net - request for addition to the mailing list

ftp.ans.net ~pub/archive/ipsec - ipsec list archive

A poll during the meeting indicated the desire and support to establish a
formal working group for IPSEC.  A secondary meeting was scheduled
where the proposed charter for IPSEC WG was discussed among attendees. 
The decision was made to submit a revised charter which was discussed
on the mailing list and request the establishment of IPSEC as a formal
working group with Paul Lambert and Al Hoover acting as co-chairs.

This meeting was attended by 37 persons.  All registered attendees have
been added to the list.

James M. Galvin
Paul Lambert
Russell Housley
James Zmuda
Robert Shirey
Bill Edison
Chuck Warlick
Andrew Knudsen
Jim Barnes
Phil Karn
Sean O'Malley
Hilarie Orman
Morton Taragin
Art Dertke
Dean Throop
Warren Vik
Tang Tang
Roland Acra
Steve Crocker
Merike Kaeo
Mike St. Johns
Terry Gray
Sam Schaen
Paul Sangster
Mohammad Mirhakkak
Rob Hagens
Neil Haller
Rich Graveman
Tom Benkart
Brad Rhoades
Noel Chiappa
Donald Eastlake
Barbara Fraser
Cynthia Dellatorre
Ran Atkinson
Paulina Knibbe
Al Hoover