802.11w
Last Post: April 25, 2006:
-
Thanks compughter, I believe I read about that a few years back. Interesting though is that such a change to the MAC, whether 802.11x or 802.3x based, brings the cost of the MAC chip up a little. I am curious as to the economics of doing such a thing, vs. the benefit. I really don't see it as too viable in the wired world where proper physical security will keep people(external and internal) out of the access to the wires. But, in the wireless world it is absolutely needed. But will it work. One thing my many years working with protocols is that all protocols are exploitable.
Adding security mechanisms to a MAC protocol is not an easy thing to do and also could be exploitable or when the protocol breaks for other reasons, it becomes even more difficult to troubleshoot due to the security abstraction on top.
Think of all the switch level ASIC designs for frame storage like Cisco's CAM and TCAM to compile access-lists and provide wire level QoS/security. How does that 802.1AE get implemented to co-exists with such switching ASIC port architectures?
Granted 802.1AE is between the workstation and the end switch port and may not extend beyond the switch?¡é?€??s fabric but there still may be a need to change the ASICs at the port level to support AE and keep the speed. Otherwise, there will be some form of cpu tax to handle the AE portion of the MAC mechanics(if handled in software and not burned into a port ASIC) at the port level before a frame can enter the ingress queue and then move to the outbound queue and TX ring. This is especially true of voice packets that must maintain a jitter budget. I recall a little used but interesting standard for MAC security called 802.10. For those Cisco CCNP/DP/IE guys here remember SAIDs?
http://grouper.ieee.org/groups/802/10/
So many protocols so little time.
Thanks again and keep posting the good links..
Regards..
/JS
- 1