IEEE 802 JTC1 Standing Committee January 2014 agenda
• 21 Jan 2014
Authors: Andrew Myles, Cisco
This presentation will be used to run the IEEE 802 JTC1 SC meetings in LA in Jan 2014
• This presentation contains a proposed running order for the IEEE 802 JTC1 Standing Committee meeting in LA in Jan 2014, including
  • Proposed agenda
  • Other supporting material
• It will be modified during the meeting to include motions, straw polls and other material referred to during the meeting
Andrew Myles, Cisco
Participants have a duty to inform in relation to patents
• All participants in this meeting have certain obligations under the IEEE-SA Patent Policy (IEEE-SA SB Bylaws sub-clause 6.2). Participants:
  • “Shall inform the IEEE (or cause the IEEE to be informed)” of the identity of each “holder of any potential Essential Patent Claims of which they are personally aware” if the claims are owned or controlled by the participant or the entity the participant is from, employed by, or otherwise represents
    • “Personal awareness” means that the participant “is personally aware that the holder may have a potential Essential Patent Claim,” even if the participant is not personally aware of the specific patents or patent claims
  • “Should inform the IEEE (or cause the IEEE to be informed)” of the identity of “any other holders of such potential Essential Patent Claims” (that is, third parties that are not affiliated with the participant, with the participant’s employer, or with anyone else that the participant is from or otherwise represents)
  • The above does not apply if the patent claim is already the subject of an Accepted Letter of Assurance that applies to the proposed standard(s) under consideration by this group
• Early identification of holders of potential Essential Patent Claims is strongly encouraged; there is no duty to perform a patent search
There are a variety of patent related links
• All participants should be familiar with their obligations under the IEEE-SA Policies & Procedures for standards development.
• Patent Policy is stated in these sources:
  • IEEE-SA Standards Boards Bylaws
    • http://standards.ieee.org/guides/bylaws/sect6-7.html#6
  • IEEE-SA Standards Board Operations Manual
    • http://standards.ieee.org/guides/opman/sect6.html#6.3
• Material about the patent policy is available at
  • http://standards.ieee.org/board/pat/pat-material.html
• If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at patcom@ieee.org
  • or visit http://standards.ieee.org/board/pat/index.html
• This slide set is available at http://standards.ieee.org/board/pat/pat-slideset.ppt
A call for potentially essential patents is not required in the IEEE 802 JTC1 SC
• If anyone in this meeting is personally aware of the holder of any patent claims that are potentially essential to implementation of the proposed standard(s) under consideration by this group and that are not already the subject of an Accepted Letter of Assurance:
  • Either speak up now or
  • Provide the chair of this group with the identity of the holder(s) of any and all such claims as soon as possible or
  • Cause an LOA to be submitted
The IEEE 802 JTC1 SC will operate using general guidelines for IEEE-SA Meetings
• All IEEE-SA standards meetings shall be conducted in compliance with all applicable laws, including antitrust and competition laws.
  • Don’t discuss the interpretation, validity, or essentiality of patents/patent claims.
  • Don’t discuss specific license rates, terms, or conditions.
    • Relative costs, including licensing costs of essential patent claims, of different technical approaches may be discussed in standards development meetings.
    • Technical considerations remain primary focus
  • Don’t discuss or engage in the fixing of product prices, allocation of customers, or division of sales markets.
  • Don’t discuss the status or substance of ongoing or threatened litigation.
  • Don’t be silent if inappropriate topics are discussed … do formally object.
• See IEEE-SA Standards Board Operations Manual, clause 5.3.10 and “Promoting Competition and Innovation: What You Need to Know about the IEEE Standards Association's Antitrust and Competition Policy” for more details.
Links are available to a variety of other useful resources
• Link to IEEE Disclosure of Affiliation
  • http://standards.ieee.org/faqs/affiliationFAQ.html
• Links to IEEE Antitrust Guidelines
  • http://standards.ieee.org/resources/antitrust-guidelines.pdf
• Link to IEEE Code of Ethics
  • http://www.ieee.org/web/membership/ethics/code_ethics.html
• Link to IEEE Patent Policy
  • http://standards.ieee.org/board/pat/pat-slideset.ppt
The IEEE 802 JTC1 SC will operate using accepted principles of meeting etiquette
• IEEE 802 is a world-wide professional technical organization
• Meetings are to be conducted in an orderly and professional manner in accordance with the policies and procedures governed by the organization.
• Individuals are to address the “technical” content of the subject under consideration and refrain from making “personal” comments to or about the presenter.
The IEEE 802 JTC1 SC has three slots at the LA interim meeting
• Tuesday 21 Jan, PM1
  • Call to Order
  • Select recording secretary <- important!
  • Approve agenda
  • Conduct meeting according to agenda
  • Recess
• Wednesday 22 Jan, PM1
  • Call to Order
  • Select recording secretary <- important!
  • Conduct meeting according to agenda
  • Recess
• Thursday 23 Jan, PM1
  • Call to Order
  • Select recording secretary <- important!
  • Conduct meeting according to agenda
  • Adjourn
The IEEE 802 JTC1 SC has a detailed list of agenda items to be considered
• In no particular order:
  • Approve minutes
    • From plenary meeting in November 2013 in Dallas
  • Review extended goals
    • From IEEE 802 ExCom in Nov 2010
  • Review formal status of SC
  • Review status of SC6 interactions
    • Review liaisons of drafts to SC6
    • Review notifications of projects to SC6
  • Review status of FDIS ballots
  • Review comments and next steps on FDIS ballots
    • 802.1X/AE
    • 802.1AS/AB/AR
The IEEE 802 JTC1 SC has a detailed list of agenda items to be considered (continued)
• In no particular order:
  • Review status of security proposals in SC6
    • Review meetings between IEEE 802 and Swiss NB
    • Discuss China NB “Snowden” contribution
    • TEPA-AC, TLSec, TAAA, WAPI, TISec, …
  • Review status of other proposals in SC6
    • UHT/EUHT, WLAN Cloud, Optimization technology in WLAN, …
  • Plan for SC6 meeting in February 2014
    • Review delegation
    • Review final agenda
    • Confirm IEEE 802 contributions
  • Review status of proposal for PSDO criteria
  • Consider any motions
The IEEE 802 JTC1 SC will consider approving its agenda
• Motion to approve agenda
  • The IEEE 802 JTC1 SC approves the agenda for its meeting in LA in January 2014, as documented on pages 10-11 of <this slide deck>
  • Moved:
  • Seconded:
  • Result:
The IEEE 802 JTC1 SC will consider approval of previous minutes
• Motion to approve minutes
  • The IEEE 802 JTC1 SC approves the minutes for its meeting in Dallas in November 2013, as documented in 11-13-1418-r0
  • Moved:
  • Seconded:
  • Result:
The IEEE 802 JTC1 SC reaffirmed its general goals in Sept 09, but they were extended in Nov 2010
• Agreed (with changes from Nov 2010) goals
  • Provides a forum for 802 members to discuss issues relevant to both:
    • IEEE 802
    • ISO/IEC JTC1/SC6
  • Recommends positions to ExCom on ISO/IEC JTC1/SC6 actions affecting IEEE 802
    • Note that IEEE 802 LMSC holds the liaison to SC6, not the IEEE 802.11 WG
  • Participates in dialog with IEEE staff and 802 ExCom on issues concerning IEEE’s relationship with ISO/IEC
  • Organises IEEE 802 members to contribute to liaisons and other documents relevant to the ISO/IEC JTC1/SC6 members
• Extensions
  • The extensions to our goals came out of the IEEE 802 ExCom ad hoc held in November 2010 on the Friday evening
The formal status of the IEEE 802 JTC1 SC is currently being “cleaned up”
• Originally the IEEE 802 JTC1 SC was an ad hoc in IEEE 802.11 WG
  • Its scope was expanded to cover IEEE 802 issues in November 2010
• It appears, based on minutes, that somewhere between Nov 2011 and March 2012 the ad hoc was formally converted to an IEEE 802 SC
  • However, it is not clear whether this was done under the authority of the IEEE 802 ExCom Chair or IEEE 802 ExCom
  • Certainly, no one has ever objected to an SC status
• The IEEE 802 ExCom Chair would like to clean up the formalities
  • That is likely to occur in March 2014
In recent times, IEEE 802 has liaised a variety of drafts to SC6
• IEEE 802 has agreed to liaise drafts to SC6 when they are in Sponsor Ballot (and sometimes earlier)
  • The benefit to IEEE 802 is that it might cause SC6 members to participate in or contribute to IEEE 802 activities
• Since the July plenary in Geneva the IEEE 802 has liaised the following drafts to SC6:
  • 802.11 WG
    • 27 Aug 2013: 802.11ac D6.0
    • 27 Aug 2013: 802.11af D5.0
    • 18 Nov 2013: 802.11ac D7.0
    • 18 Nov 2013: 802.11af D6.0
  • 802.1 WG
    • 9 Aug 2013: 802.1Xbx D1.0
    • 25 Nov 2013: 802.1Xbx D1.2
• 802.3 WG will need to decide what they want to liaise to SC6 once the ballot on 802.3-2012 completes
The SC will discuss the possibility of liaising additional IEEE 802 drafts to SC6
• Are there any updates from the IEEE 802 JTC1 SC meeting in Nov 2013 wrt liaising 802.1 and 802.3 drafts to SC6?
  • Mick Seaman took an action to enquire of Tony Jeffree as to which drafts IEEE 802.1 would like to liaise to SC6
  • Geoff Thomson and Bruce Kraemer took similar actions wrt David Law and 802.3
• Is there any update on the possibility of the 802.15 WG liaising 802.15.4 drafts to SC6?
  • 802.15 WG has been liaising 802.15.4 drafts to SC31
  • It is rumoured that the ISO Secretariat would like these drafts to be liaised to SC6
• Is there any update on the possibility of the 802.22 WG liaising 802.22 drafts to SC6?
  • Apurva Mody (Chair of 802.22 WG) has expressed an interest in liaising 802.22 drafts to SC6
In recent times, IEEE 802 has notified SC6 of various new projects
• IEEE 802 has agreed to notify SC6 when IEEE 802 starts new projects
  • The benefit to IEEE 802 is that it might cause SC6 members to participate in or contribute to IEEE 802 activities
• Since the July plenary in Geneva the IEEE 802 has notified SC6 of the approval of the following SGs
  • In 6N15723 (July 2013)
    • IEEE 802.3, "Power over Data Lines" SG
    • IEEE 802.15, “Spectrum Resources Usage in WPANs” SG
    • IEEE 802.15, “Beam Switchable Wireless Point-to-Point 40/100Gbps links (GbW)” SG
  • In 6N15827 (Nov 2013)
    • IEEE 802.22 Spectrum Occupancy Sensing (SOS) Study Group
    • IEEE 802.15.7 Optical Camera Communications Study Group
    • IEEE 802.15.4 Common Ranging Protocol Study Group
    • IEEE 802.15.4 EU Regional PHY Support Study Group
IEEE 802 has submitted ten standards for ratification under the PSDO – with 3 new approvals
IEEE 802.11-2012 has been ratified as ISO/IEC 8802-11:2012 and all FDIS comments liaised
• 60 day pre-ballot: passed & comments liaised
  • 60 day pre-ballot passed in 2012
  • Responses to comments were liaised to SC6
• FDIS ballot: passed & comments liaised
  • FDIS passed in 2012
  • Standard published as ISO/IEC 8802-11:2012
• FDIS comments resolved in Dec 2013
  • All the FDIS comments were submitted to TGmc for processing
  • Additional comments from Swiss NB in N15623 (a response to the IEEE 802/SC6 collaboration procedure) were also referred to TGmc
  • All the comments have been considered and resolutions approved as of November 2013
  • See 11-13-0123-05 liaised as 6N15832
FDIS ballot on IEEE 802.1X passed in Oct 2013 and all FDIS comments resolved
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15515
  • Pre-ballot passed in 2013
  • Voting results in N15555
  • Comments from China NB replied to by IEEE 802 in N15607
• FDIS ballot: passed & comments resolved
  • FDIS passed 16/1/12 on 21 Oct 2013
  • Voting results in N15771
  • China NB only negative vote, with comments from China NB & Switzerland NB
• FDIS comments resolved in Dec 2013
  • See <what?>
• Standard will be published as ISO/IEC 8802-1X:2013 in <when>
FDIS ballot on IEEE 802.1AE passed in Oct 2013 and all FDIS comments resolved
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15516
  • Pre-ballot passed in 2013
  • Voting results in N15556
  • Comments from China NB replied to by IEEE 802 in N15608
• FDIS ballot: passed & comments resolved
  • FDIS passed 16/1/13 on 21 Oct 2013
  • Voting results in N15770
  • China NB only negative vote, with comments from China NB & Switzerland NB
• FDIS comments resolved in Dec 2013
  • See <what?>
• Standard will be published as ISO/IEC 8802-1AE:2013 in <when>
FDIS on 802.1AB passed in Dec 2013 and FDIS comment resolution in process
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15588
  • Pre-ballot passed in May 2013
  • Voting results in N15626
  • Comments from China replied to in N15659
• FDIS ballot: passed & comments in process
  • FDIS passed 16/1/16 on 18 Dec 2013
  • Voting results in N15829
  • China NB only negative vote, with comments from China NB & Switzerland NB
• FDIS comments will be resolved in 2014
  • Likely to be similar to responses to 802.1X/AE because comments are similar
• Standard will be published as ISO/IEC 8802-1AB:2013 in <when>
FDIS on 802.1AR passed in Dec 2013 and FDIS comment resolution in process
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15589
  • Pre-ballot passed in May 2013
  • Voting results in N15627
  • Comments from China replied to in N15659
• FDIS ballot: passed & comments in process
  • FDIS passed 17/2/16 on 18 Dec 2013
  • Voting results in N15830
  • China NB & Switzerland NB voted “no” and commented
• FDIS comments will be resolved in 2014
  • Likely to be similar to responses to 802.1X/AE because comments are similar
• Standard will be published as ISO/IEC 8802-1AR:2013 in <when>
FDIS on 802.1AS passed in Dec 2013 and FDIS comment resolution in process
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15590
  • Pre-ballot passed in May 2013
  • Voting results in N15628
  • Comments from China replied to in N15659
• FDIS ballot: passed & comments in process
  • FDIS passed 18/1/16 on 18 Dec 2013
  • Voting results in N15831
  • China NB voted “no”, and China NB & Switzerland NB commented
• FDIS comments will be resolved in 2014
  • Likely to be similar to responses to 802.1X/AE because comments are similar
• Standard will be published as ISO/IEC 8802-1AS:2013 in <when>
FDIS on 802.11ae closes in Jan 2014
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15552
  • Pre-ballot passed in Feb 2013
  • Voting results in N15599
  • Comments from China replied to by IEEE 802 in N15647
    • The China NB comments are based on their disapproval of IEEE 802.11-2012
    • IEEE 802 referred China NB to disposition of comments on IEEE 802.11-2012
  • Comments from Japan in N15664
    • These comments expressed a concern about having too many amendments outstanding
    • Japan NB has informally accepted idea that IEEE 802 should be responsible for all maintenance processes
• FDIS ballot: closes 28 Jan 2014
FDIS on 802.11ad closes in Jan 2014
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15553
  • Pre-ballot passed in Feb 2013
  • Voting results in N15601
  • Comments from China replied to by IEEE 802 in N15647
    • The China NB comments are based on their disapproval of IEEE 802.11-2012
    • IEEE 802 referred China NB to disposition of comments on IEEE 802.11-2012
  • Comments from Japan in N15664
    • These comments expressed a concern about having too many amendments outstanding
    • Japan NB has informally accepted idea that IEEE 802 should be responsible for all maintenance processes
• FDIS ballot: closes 28 Jan 2014
FDIS on 802.11aa closes in Jan 2014
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15554
  • Pre-ballot passed in Feb 2013
  • Voting results in N15602
  • Comments from China replied to by IEEE 802 in N15647
    • The China NB comments are based on their disapproval of IEEE 802.11-2012
    • IEEE 802 referred China NB to disposition of comments on IEEE 802.11-2012
  • Comments from Japan in N15664
    • These comments expressed a concern about having too many amendments outstanding
    • Japan NB has informally accepted idea that IEEE 802 should be responsible for all maintenance processes
• FDIS ballot: closes 28 Jan 2014
802.3-2012 passed the pre-ballot, and is awaiting the start to FDIS ballot
• 60 day pre-ballot: passed & comments liaised
  • Submission in N15595
  • Pre-ballot passed in May 2013
  • Voting results in N15632
  • Comments from China were responded to by the 802.3 Maintenance TF in Geneva in N15724
• FDIS ballot: closes 16 Feb 2014
China NB non-recognition of IEEE/IEC/ISO standards is probably not important & may not be allowed
• IEEE 802 has been submitting IEEE 802 standards for ratification by ISO/IEC JTC1 using the PSDO agreement, for the purpose of ensuring IEEE 802 standards are recognised as international by everyone
• However, the China NB has stated in several recent ballot comments that they may not recognise the IEEE/ISO/IEC standards
  • For example, in the ballot on 802.1AR the China NB states, “… If these issues could not be disposed reasonably and this proposal would have been passing the FDIS ballot, it is regretful for China to be obliged to lose the responsibility and obligation of complying with and adopting the standard. Furthermore, China NB wishes to state for the record.”
• This raises various questions:
  • Is it important? Probably not given the market demand for IEEE 802 based equipment
  • Can the China NB ban IEEE/ISO/IEC standards under WTO rules? Maybe and maybe not
Can the China NB ban IEEE/ISO/IEC standards under WTO rules? Maybe and maybe not
• TBT FAQ provides some information about use of international standards
  • The Agreement encourages Members to use existing international standards for their national regulations, or for parts of them, unless “their use would be ineffective or inappropriate” to fulfil a given policy objective
  • This may be the case, for example, “because of fundamental climatic and geographical factors or fundamental technological problems” (Article 2.4)
  • As explained previously, technical regulations in accordance with relevant international standards are rebuttably presumed “not to create an unnecessary obstacle to international trade”
  • Similar provisions apply to conformity assessment procedures: international guides or recommendations issued by international standardizing bodies, or the relevant parts of them, are to be used for national procedures for conformity assessment unless they are “inappropriate for the Members concerned for, inter alia, such reasons as national security requirements, prevention of deceptive practices, protection of human health or safety, animal or plant life or health, or protection of the environment; fundamental climatic or other geographical factors; fundamental technological or infrastructural problems” (Article 5.4).
Can the China NB ban IEEE/ISO/IEC standards under WTO rules? Maybe and maybe not (continued)
• A non-expert reading suggests that China could ban IEEE/ISO/IEC standards in some circumstances
  • If the standard is inappropriate or ineffective …
  • … particularly if it contained fundamental technological problems
  • … or was contrary to national security requirements
• However a ban on IEEE/ISO/IEC standards might be difficult to justify
  • Any requirement to use a non-international standard is automatically an unnecessary obstacle to international trade … and would need to be justified
  • The China NB has not provided any substantive reasons related to fundamental technological problems or security requirements in the ISO/IEC/IEEE standards
  • Indeed most other NBs seem to disagree with the China NB
The SC will discuss next steps for processing the FDIS comments on 802.1AS/AR/AB
• It is suggested that the 802.1 WG take responsibility for generating responses
  • Who? <- this is important
• Possible actions this week
  • Generate liaison to SC6 noting comments from China and Switzerland, thanking them and committing to process the comments according to the agreed process
  • Inform SC6 of a possible timetable for comment resolution
• Possible actions for later
  • Process comments
  • Liaise responses to SC6
• Any objections?
Should corrigenda on 802.1AB and 802.1AS be put into the pipeline?
• It has been noted by IEEE staff that
  • IEEE 802.1AB has a corrigendum that was approved on 14 June 2013
  • IEEE 802.1AS has a corrigendum that was approved on 23 August 2013
• Should these be the next documents that should be put into the pipeline for submission?
  • Or should we avoid sending minutia to SC6?
A number of security presentations have been considered by SC6
It appears the China NB are using Snowden to promote TePA
• The China NB have submitted a presentation for the next SC6 meeting in Feb 2014
  • The conclusion of the presentation is a suggestion to use SC27 protocols instead of IETF or IEEE protocols
• The SC will discuss a reaction to this submission
  • A couple of IEEE 802 members have put together some comments
  • Any formal response is required by 30 January
IEEE 802 member #1 has commented on the China NB’s submission
• An IEEE 802 member #1 notes
  • First, the only way to prevent weakness from being intentionally inserted into a standard is to have an open process that allows for broad public participation, comment and review, with a relatively transparent process.
  • It’s not true that ISO members do not have any control over IETF standards. They have as much control as anyone else. They just do not have sole control over IETF standards.
  • Note that the IETF standards have code points assigned to many crypto algorithms from many countries including Japan, Korea, Russia, US, and the EU.
  • In addition, the IETF has deprecated algorithms such as DES (and is in the process with RC4) that have shown to be weak.
IEEE 802 member #1 has commented on the China NB’s submission (continued)
• An IEEE 802 member #1 notes (cont’d)
  • In addition, the IETF did not carry over US government cipher systems such as Fortezza and Skipjack that were specified in Netscape's SSL.
  • Does the ISO process allow for broad public participation, comment and review to prevent some nation state or other entity from manipulating the standards? I would say that it inherently does not and that standards developed by nation states that have not been through an open process are more likely to have been manipulated.
IEEE 802 member #1 has commented on the China NB’s submission (continued)
• An IEEE 802 member #1 notes (cont’d)
  • Background slides
    • Basically Snowdonia. We all know it’s not just the NSA that plays this game.
  • Standards slides
    • DUAL_EC_DRBG has a flaw; fortunately many IETF standards allow for algorithm agility to make them resilient to weaknesses in the crypto algorithms. This was a conscious design choice made in TLS for a number of reasons including accommodating requirements from different groups, planning for the phasing out of partially flawed algorithms and providing fallbacks in case a catastrophic failure is discovered.
    • They list a lot of potential weaknesses in this section, but their examples do not support those weaknesses directly.
IEEE 802 member #1 has commented on the China NB’s submission (continued)
• An IEEE 802 member #1 notes (cont’d)
    • PAP and CHAP are not state of the art mechanisms. MS-CHAP is not an IETF standard, it is a Microsoft algorithm that was published by the IETF for informational purposes.
    • While the NSA and other governments undoubtedly have capabilities against implementations and some algorithms there is very little information about what exactly those capabilities are (at least to my knowledge). Without this knowledge you do not know if what you develop will be an improvement.
  • Implementations slides
    • I don't see how this is relevant
  • Other issues:
    • It sounds like ISO members need to participate in the IETF.
IEEE 802 member #2 has commented on the China NB’s submission
• An IEEE 802 member #2 notes
  • The Snowden data dump is outrageous and the behavior of the NSA is indefensible.
  • While I take issue with some of their talking points I think it is best to just agree that we all need to be on the lookout for attempts to compromise security or use protocols that were not created by an open process. As they note DUAL_EC_DRBG is part of an ISO standard now. Oops.
  • The IETF is an international organization with participants from around the world, most of whom are justifiably irate over the breadth of NSA spying.
  • Pervasive monitoring of the Internet and how to address it was a large part of IETF 88 a few months ago. It might be a good idea to have a presentation summarizing what the IETF is doing about it.
A meeting was held in Aug 2013 between the IEEE 802.1/11 and Swiss NB security experts wrt TEPA
• The Swiss NB has provided a significant number of comments on various IEEE 802 standards over the last few years
  • In particular the Swiss NB (mostly Hans-Rudolf Thomann) has had a strong interest in the TEPA based proposals in SC6 from the China NB
  • This interest has led to significant and important discussions related to the “state of the art” in 802 security standards
• Hans-Rudolf Thomann arranged to expand discussions with the Swiss NB to other individuals
  • Josef Schmid was included as another Swiss security expert
• It was agreed in Geneva that a meeting should be set up between 802.1 and 802.11 security experts and the Swiss NB security experts
  • The first of a possible series of meetings took place on 27 August 2013
Dan Harkins provided a summary of the Aug 2013 meeting between IEEE 802 & Swiss NB reps
• Meeting participants were
  • IEEE 802
    • Bruce Kraemer (Marvell), Karen Randall (Randall Consulting), Jodi Haasz (IEEE), Mick Seaman, Dan Harkins (Aruba Networks), Brian Weis (Cisco), Peter Yee (AKAYLA)
  • Swiss NB
    • Hans-Rudolf Thomann (Thomann Consulting), Josef Schmid (FITSU)
• Dan provided a meeting summary in Nanjing (from minutes)
  • Dan Harkins' interpretation of that teleconference is that the Swiss NB has gone backwards in their understanding of what 802.1X entities and TePA entities do in order to perform authentication.
  • Thomann has been concentrating on the number of entities involved instead of the functionality of those entities.
  • Thomann says that he will put together a presentation of how he feels that TePA certificate processing is performed in order to help improve mutual understanding. Dan will produce a similar presentation around 802.1X.
Dan Harkins provided a summary of the Aug 2013 meeting between IEEE 802 & Swiss NB reps (continued)
• Dan provided a meeting summary in Nanjing (from minutes) (continued)
  • Once these two stories are put straight, it should be possible to return to the Swiss presentation from the Seoul JTC1 meeting and clarify the points it attempted to make.
  • Bruce Kraemer expressed concern that this dialog is dragging on and that we will end up going into the Ottawa meeting (February 2014) of the JTC1 SC6/WG1 with the same distance between the parties.
  • Josef Schmid has indicated that the Swiss government has been following the progress of TePA in JTC1, although he has not been able to articulate the reason for the particular interest.
  • Another discussion between the IEEE delegation and the Swiss NB representative would be highly useful before the Ottawa meeting
    • The timing for this meeting will be dependent on when Thomann's and Harkins' documents are available.
There has been no further meeting between IEEE 802 and the Swiss NB about TEPA after Aug 2013
• It was intended that further meetings be held after August once Dan Harkins and Hans Rudolf Thomann completed their “homework”
  • Dan: how certificates are used and validated in 802.1X/EAP-TLS
  • Hans: how certificates are used and validated in TePA
• Dan Harkins reviewed his “homework” to this SC in Dallas – a version was subsequently submitted to SC6
  • See N15845
• It appears that Hans Rudolf Thomann has declined to complete his “homework” and has instead proposed three new topic areas
  • The IEEE 802 group responded to Hans Rudolf Thomann by expressing a degree of frustration
  • An e-mail discussion followed but there was no conclusion and it is not clear it is going anywhere
Hans Rudolf Thomann has proposed three new TePA topics for discussion
• Topic 1
  • The subject of our current discussion is TePA. TePA is the (generic) mechanism specified by ISO/IEC 9798-3 Amd 1. The China NB has made Powerpoint presentations on certain TePA applications, e.g. TePA-AC targeting port-based access control, like 802.1X. In our discussion this application is a good example. We should however focus on the authentication message exchange in this comparison, as only for TePA, but not for TePA-AC, a specification is available. We aim to achieve agreement with you about TePA valid for arbitrary use cases, not just for port-based access control.
Hans Rudolf Thomann has proposed three new TePA topics for discussion (continued)
• Topic 2
  • Basic model and configurations. 802.1X and 9798-3 Amd 1 are network security standards aiming to establish security between OSI-entities at different network locations. The model must therefore be based on OSI-entities. When comparing 802.1X and TePA, OSI-entities should be matched.
  • 802.1X specifies three roles: supplicant, authenticator and AS. The Supplicant and Authenticator roles are always assigned to two different OSI-entities, and 802.1X frequently views them as entities (see e.g. figure 7-2 of 8802-1X:2013). For the EAP authentication exchange the AS role is necessary as well. While it can be co-located with the Authenticator, most port-based network access control applications use a separate Authentication Server, to allow centralized administration of authorized parties and their credentials throughout a network.
Hans Rudolf Thomann has proposed three new TePA topics for discussion (continued)
• Topic 2 (continued)
  • In the former case, the model consists of only two entities, in the latter of three entities. The former is the co-located, the latter the remote configuration. TePA has a three-entity model (A, B, TTP), in TePA-AC mapped to controller, client and AS.
  • TePA and 802.1X have the same purpose but are functionally different. Entities should be matched according to their network location rather than their functions/roles. TePA and TePA-AC match with the 802.1X remote configuration as follows:
    • Entity B = Client = Supplicant
    • Entity A = Controller = Authenticator
    • TTP = TePA-AC AS = 802.1X AS
  • In the 802.1X co-located configuration rigged up with an OCSP server, the matching would be TTP = TePA-AC AS = OCSP.
Hans Rudolf Thomann has proposed three new TePA topics for discussion (continued)
• Topic 3
  • The essential feature of TePA is the presence of a TTP. Before entering information exchange with a peer-entity an entity must obtain assurance that the peer-entity is entrusted for the intended kind of information exchange (application). In TePA, this is achieved in two steps:
    • a. The TTP assures to entity A (B) that the holder of certificate B (A) is entrusted.
    • b. Entity A (B) obtains proof from entity B (A) that it is the holder of certificate B (A) (mutual authentication).
  • Trust is defined by 3.4.64 of X.509-2012 as follows: “Entity X is said to trust entity Y for a set of activities if and only if entity X relies upon entity Y behaving in a particular way with respect to the activities.” The emphasized parts illustrate the scope and impact of trust.
Hans Rudolf Thomann has proposed three new TePA topics for discussion (continued)
• Topic 3 (continued)
  • Though the current edition of the ISO standard is not specific on what exactly the TTP is doing, the proposers (the Chinese) had applications like TePA-AC in mind. Plain validation of the certificate status and origin converts an open anonymous network into an open identified network, but not into a secure network: A network becomes secure by verifying that the certificate holder is admitted to this network. Plain validation of certificate status and origin allows for unauthorized (fake) clients (802.11 STAs) and controllers (802.11 APs): The only thing an attacker needs is a valid certificate!
  • The TePA TTP performs identity-based access control, using the Identities (see 9798-3 Amd 1) of entities A and B.
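The distinction Topic 3 draws, shown as an added example that is not part of the slide deck, of ISO/IEC 9798-3 Amd 1, or of any IEEE or China NB document: a verifier that performs only "plain validation" (issuer signature and revocation status) accepts every holder of a valid certificate from the trusted CA, whereas step (a), the TTP's admission check on the holder's identity, followed by step (b), proof of possession of the certified key, does not. The toy certificate format, the CA, the identities, the admitted list and the nonce are all constructed here, and Go's standard-library ed25519 stands in for whatever signature algorithms TePA or 802.1X/EAP-TLS actually use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate is a constructed stand-in for an X.509 certificate: an issuer binds a subject identity to a public key and signs that binding.
type Certificate struct {
	Subject   string
	Serial    uint32
	PublicKey ed25519.PublicKey
	Signature []byte // issuer's signature over tbs()
}

func (c Certificate) tbs() []byte {
	return append([]byte(fmt.Sprintf("%s|%d|", c.Subject, c.Serial)), c.PublicKey...)
}

// Issue is the constructed CA: it signs the binding with the CA private key.
func Issue(caPriv ed25519.PrivateKey, subject string, serial uint32, pub ed25519.PublicKey) Certificate {
	c := Certificate{Subject: subject, Serial: serial, PublicKey: pub}
	c.Signature = ed25519.Sign(caPriv, c.tbs())
	return c
}

// TTP holds what a plain validator has (CA key, revocation list) plus the identities admitted to this network.
type TTP struct {
	CA       ed25519.PublicKey
	Revoked  map[uint32]bool
	Admitted map[string]bool
}

// PlainValidate checks only certificate origin and status.
func (t TTP) PlainValidate(c Certificate) error {
	if !ed25519.Verify(t.CA, c.tbs(), c.Signature) {
		return errors.New("certificate not issued by the trusted CA")
	}
	if t.Revoked[c.Serial] {
		return errors.New("certificate revoked")
	}
	return nil
}

// Entrusted is step (a): the TTP assures A that the holder of certificate B
// is entrusted for this network, not merely that certificate B is valid.
func (t TTP) Entrusted(c Certificate) error {
	if err := t.PlainValidate(c); err != nil {
		return err
	}
	if !t.Admitted[c.Subject] {
		return fmt.Errorf("%q holds a valid certificate but is not admitted", c.Subject)
	}
	return nil
}

// Admit runs steps (a) and (b) from A's point of view. Step (b): B proves it
// holds the key bound by certificate B by signing A's fresh challenge.
func Admit(t TTP, peer Certificate, challenge, proof []byte) error {
	if err := t.Entrusted(peer); err != nil {
		return err
	}
	if !ed25519.Verify(peer.PublicKey, challenge, proof) {
		return errors.New("peer did not prove possession of the certified key")
	}
	return nil
}

// Outcome records how plain validation and the TTP treat an admitted client, an outsider
// certified by the same CA, and an impostor holding the client's certificate but not its key.
type Outcome struct {
	OutsiderPassesPlain, OutsiderAdmitted, ClientAdmitted, ImpostorAdmitted bool
}

func Scenario() Outcome {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader)
	outsiderPub, outsiderPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, impostorPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientCert := Issue(caPriv, "sta-01", 1, clientPub)
	outsiderCert := Issue(caPriv, "unrelated-device", 2, outsiderPub) // valid, but a stranger here
	ttp := TTP{CA: caPub, Revoked: map[uint32]bool{}, Admitted: map[string]bool{"sta-01": true}}
	nonce := []byte("constructed-challenge-0001") // A's challenge to B
	sign := func(k ed25519.PrivateKey) []byte { return ed25519.Sign(k, nonce) }
	return Outcome{
		OutsiderPassesPlain: ttp.PlainValidate(outsiderCert) == nil,
		OutsiderAdmitted:    Admit(ttp, outsiderCert, nonce, sign(outsiderPriv)) == nil,
		ClientAdmitted:      Admit(ttp, clientCert, nonce, sign(clientPriv)) == nil,
		ImpostorAdmitted:    Admit(ttp, clientCert, nonce, sign(impostorPriv)) == nil,
	}
}

func main() {
	o := Scenario()
	fmt.Printf("outsider passes plain validation: %v, admitted by TTP: %v\n", o.OutsiderPassesPlain, o.OutsiderAdmitted)
	fmt.Printf("client admitted: %v, impostor with client's certificate admitted: %v\n", o.ClientAdmitted, o.ImpostorAdmitted)
}
```

The outsider passes plain validation yet is refused by the TTP, which is the gap the quoted text describes; the impostor shows why step (b) is still needed after step (a).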