1 / 73

IEEE 802 JTC1 Standing Committee January 2014 agenda

IEEE 802 JTC1 Standing Committee January 2014 agenda. 21 Jan 2104. Authors:. This presentation will be used to run the IEEE 802 JTC1 SC meetings in LA in Jan 2014. This presentation contains a proposed running order for the IEEE 802 JTC1 Standing Committee meeting in LA in Jan 2014, including

vangie
Télécharger la présentation

IEEE 802 JTC1 Standing Committee January 2014 agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IEEE 802 JTC1 Standing CommitteeJanuary 2014 agenda • 21 Jan 2104 Authors: Andrew Myles, Cisco

  2. This presentation will be used to run the IEEE 802 JTC1 SC meetings in LA in Jan 2014 • This presentation contains a proposed running order for the IEEE 802 JTC1 Standing Committee meeting in LA in Jan 2014, including • Proposed agenda • Other supporting material • It will be modified during the meeting to include motions, straw polls and other material referred to during the meeting Andrew Myles, Cisco

  3. Participants have a duty to inform in relation to patents • All participants in this meeting have certain obligations under the IEEE-SA Patent Policy (IEEE-SA SB Bylaws sub-clause 6.2). Participants: • “Shall inform the IEEE (or cause the IEEE to be informed)” of the identity of each “holder of any potential Essential Patent Claims of which they are personally aware” if the claims are owned or controlled by the participant or the entity the participant is from, employed by, or otherwise represents • “Personal awareness” means that the participant “is personally aware that the holder may have a potential Essential Patent Claim,” even if the participant is not personally aware of the specific patents or patent claims • “Should inform the IEEE (or cause the IEEE to be informed)” of the identity of “any other holders of such potential Essential Patent Claims” (that is, third parties that are not affiliated with the participant, with the participant’s employer, or with anyone else that the participant is from or otherwise represents) • The above does not apply if the patent claim is already the subject of an Accepted Letter of Assurance that applies to the proposed standard(s) under consideration by this group • Early identification of holders of potential Essential Patent Claims is strongly encouraged; there is no duty to perform a patent search Andrew Myles, Cisco

  4. There are a variety of patent related links • All participants should be familiar with their obligations under the IEEE-SA Policies & Procedures for standards development. • Patent Policy is stated in these sources: • IEEE-SA Standards Boards Bylaws • http://standards.ieee.org/guides/bylaws/sect6-7.html#6 • IEEE-SA Standards Board Operations Manual • http://standards.ieee.org/guides/opman/sect6.html#6.3 • Material about the patent policy is available at • http://standards.ieee.org/board/pat/pat-material.html • If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at patcom@ieee.org • or visit http://standards.ieee.org/board/pat/index.html • This slide set is available at http://standards.ieee.org/board/pat/pat-slideset.ppt Andrew Myles, Cisco

  5. A call for potentially essential patents is not required in the IEEE 802 JTC1 SC • If anyone in this meeting is personally aware of the holder of any patent claims that are potentially essential to implementation of the proposed standard(s) under consideration by this group and that are not already the subject of an Accepted Letter of Assurance: • Either speak up now or • Provide the chair of this group with the identity of the holder(s) of any and all such claims as soon as possible or • Cause an LOA to be submitted Andrew Myles, Cisco

  6. The IEEE 802 JTC1 SC will operate using general guidelines for IEEE-SA Meetings • All IEEE-SA standards meetings shall be conducted in compliance with all applicable laws, including antitrust and competition laws. • Don’t discuss the interpretation, validity, or essentiality of patents/patent claims. • Don’t discuss specific license rates, terms, or conditions. • Relative costs, including licensing costs of essential patent claims, of different technical approaches may be discussed in standards development meetings. • Technical considerations remain primary focus • Don’t discuss or engage in the fixing of product prices, allocation of customers, or division of sales markets. • Don’t discuss the status or substance of ongoing or threatened litigation. • Don’t be silent if inappropriate topics are discussed … do formally object. • See IEEE-SA Standards Board Operations Manual, clause 5.3.10 and “Promoting Competition and Innovation: What You Need to Know about the IEEE Standards Association's Antitrust and Competition Policy” for more details. Andrew Myles, Cisco

  7. Links are available to a variety of other useful resources • Link to IEEE Disclosure of Affiliation • http://standards.ieee.org/faqs/affiliationFAQ.html • Links to IEEE Antitrust Guidelines • http://standards.ieee.org/resources/antitrust-guidelines.pdf • Link to IEEE Code of Ethics • http://www.ieee.org/web/membership/ethics/code_ethics.html • Link to IEEE Patent Policy • http://standards.ieee.org/board/pat/pat-slideset.ppt Andrew Myles, Cisco

  8. The IEEE 802 JTC1 SC will operate using accepted principles of meeting etiquette • IEEE 802 is a world-wide professional technical organization • Meetings are to be conducted in an orderly and professional manner in accordance with the policies and procedures governed by the organization. • Individuals are to address the “technical” content of the subject under consideration and refrain from making “personal” comments to or about the presenter. Andrew Myles, Cisco

  9. The IEEE 802 JTC1 SC has three slots at the LA interim meeting Tuesday 21 Jan, PM1 Wednesday22 Jan, PM1 Thursday 23 Jan, PM1 • Call to Order • Select recording secretary <- important! • Approve agenda • Conduct meeting according to agenda • Recess • Call to Order • Select recording secretary <- important! • Conduct meeting according to agenda • Recess • Call to Order • Select recording secretary <- important! • Conduct meeting according to agenda • Adjourn Andrew Myles, Cisco

  10. The IEEE 802 JTC1 SC has a detailed list of agenda items to be considered • In no particular order: • Approve minutes • From plenary meeting in November 2014 in Dallas • Review extended goals • From IEEE 802 ExCom in Nov 2010 • Review formal status of SC • Review status • Review liaisons of drafts to SC6 • Review notifications of projects to SC6 • Review status of FDIS ballots • Review comments and next steps on FDIS ballots • 802.1X/AE • 802.1AS/AB/AR Andrew Myles, Cisco

  11. The IEEE 802 JTC1 SC has a detailed list of agenda items to be considered • In no particular order: • Review status of security proposals in SC6 • Review meetings between IEEE 802 and Swiss NB • TEPA-AC, TLSec, TAAA, WAPI, TISec, … • Review status of other proposals in SC6 • UHT/EUHT, WLAN Cloud, Optimization technology in WLAN, … • Plan for SC6 meeting in February 2014 • Review delegation • Review final agenda • Confirm IEEE 802 contributions • Review status of proposal for PSDO criteria • Consider any motions Andrew Myles, Cisco

  12. The IEEE 802 JTC1 SC will consider approving its agenda • Motion to approve agenda • The IEEE 802 JTC1 SC approves the agenda for its meeting in LA in January 2014, as documented on pages 10-11of <this slide deck> • Moved: • Seconded: • Result: Andrew Myles, Cisco

  13. The IEEE 802 JTC1 SC will consider approval of previous minutes • Motion to approve minutes • The IEEE 802 JTC1 SC approves the minutes for its meeting in Dallas in November 2013, as documented in 11-13-1418-r0 • Moved: • Seconded: • Result: Andrew Myles, Cisco

  14. The IEEE 802 JTC1 SC reaffirmed its general goals in Sept 09, but they were extended in Nov 2010 • Agreed (with changes from Nov 2010) goals • Provides a forum for 802 members to discuss issues relevant to both: • IEEE 802 • ISO/IEC JTC1/SC6 • Recommends positions to ExCom on ISO/IEC JTC1/SC6 actions affecting IEEE 802 • Note that IEEE 802 LMSC holds the liaison to SC6, not the IEEE 802.11 WG • Participates in dialog with IEEE staff and 802 ExCom on issues concerning IEEE’s relationship with ISO/IEC • Organises IEEE 802 members to contribute to liaisons and other documents relevant to the ISO/IEC JTC1/SC6 members • Extensions • The extensions to our goals came out of the IEEE 802 ExCom ad hoc held in November 2010 on the Friday evening Andrew Myles, Cisco

  15. The formal status of the IEEE 802 JTC1 SC is currently being “cleaned up” • Originally the IEEE 802 JTC1 SC was an ad hoc in IEEE 802.11 WG • Its scope was expanded to cover IEEE 802 issues in November 2010 • It appears, based on minutes, that somewhere between Nov 2011 and March 2012 the ad hoc was formally converted to an IEEE 802 SC • However, it is not clear whether this was done under the authority of the IEEE 802 ExCom Chair or IEEE 802 ExCom • Certainly, no one has ever objected to an SC status • The IEEE 802 ExCom Chair would like to clean up the formalities • That is likely to occur in March 2014 Andrew Myles, Cisco

  16. In recent times, IEEE 802 has liaised a variety of drafts to SC6 • IEEE 802 has agreed to liaise drafts to SC6 when they are in Sponsor Ballot (and sometimes earlier) • The benefit to IEEE 802 is that it might cause SC6 members to participate in or contribute to IEEE 802 activities • Since the July plenary in Geneva the IEEE 802 has liaised the following drafts to SC6: • 802.11 WG • 27 Aug 2013: 802.11ac D6.0 • 27 Aug 2013: 802.11af D5.0 • 18 Nov 2013: 802.11ac D7.0 • 18 Nov 2013: 802.11af D6.0 • 802.1 WG • 9 Aug 2013: 802.1Xbx D1.0 • 25 Nov 2013: 802.1Xbx D1.2 • 802.3 WG will need to decide what they want to liaise to SC6 once the ballot on 802.3-2012 completes Andrew Myles, Cisco

  17. The SC will discuss the possibility of liaising additional IEEE 802 drafts to SC6 • Are there any updates from the IEEE 802 JTC1 SC meeting in Nov 2013 wrtliaising 802.1 and 802.3 drats to SC6? • Mick Seaman took an action to enquire of Tony Jeffreeas to which drafts IEEE 802.1 would like to liaise to SC6 • Geoff Thomson and Bruce Kraemer took similar actions wrt David Law and 802.3 • Is there any update on the possibility of the 802.15 WG liaising 802.15.4 drafts to SC6? • 802.15 WG has been liaising 802.15.4 drafts to SC31 • It is rumoured that the ISO Secretariat would like these drafts to be liaise to SC6 • Is there any update on the possibility of the 802.22 WG liaising 802.22 drafts to SC6? • ApurvaMody(Chair of 802.22 WG) has expressed an interest in liaising 802.22 drafts to SC6 Andrew Myles, Cisco

  18. In recent times, IEEE 802 has notified SC6 of various new projects • IEEE 802 has agreed to notify SC6 when IEEE 802 starts new projects • The benefit to IEEE 802 is that it might cause SC6 members to participate in or contribute to IEEE 802 activities • Since the July plenary in Geneva the IEEE 802 has notified SC6 of the approval of the following SGs • In 6N15723 (July 2013) • IEEE 802.3, "Power over Data Lines" SG • IEEE 802.15, “Spectrum Resources Usage in WPANs” SG • IEEE 802.15, “Beam Switchable Wireless Point-to-Point 40/100Gbps links (GbW)” SG • In 6N15827 (Nov 2013) • IEEE 802.22 Spectrum Occupancy Sensing (SOS) Study Group • IEEE 802.15.7 Optical Camera Communications Study Group • IEEE 802.15.4 Common Ranging Protocol Study Group • IEEE 802.15.4 EU Regional PHY Support Study Group Andrew Myles, Cisco

  19. IEEE 802 has submitted ten standards for ratification under the PSDO – with 3 new approvals Andrew Myles, Cisco

  20. IEEE 802.11-2012 has been ratified as ISO/IEC 8802-11:2012 and all FDIS comments liaised • 60 day pre-ballot: passed & comments liaised • 60 day pre-ballot passed in 2012 • Responses to comments were liaised to SC6 • FDIS ballot: passed & comments liaised • FDIS passed in 2012 • Standard published as ISO/IEC 8802-11:2012 • FDIS comments resolved in Dec 2013 • All the FDIS comments were submitted to TGmc for processing • Additional comments from Swiss NB in N15623 (a response to the IEEE 802/SC6 collaboration procedure) were also referred to TGmc • All the comments have been considered and resolutions approved as of November 2013 • See 11-13-0123-05 liaised as 6N15832 Andrew Myles, Cisco

  21. FDIS ballot on IEEE 802.1X passed in Oct 2103 and all FDIS comments resolved • 60 day pre-ballot: passed & comments liaised • Submission in N15515 • Pre-ballot passed in 2013 • Voting results in N15555 • Comments from China NB replied to by IEEE 802 in N15607 • FDIS ballot: passed & comments resolved • FDIS passed 16/1/12 on 21 Oct 2013 • Voting results in N15771 • China NB only negative vote, with comments from China NB & Switzerland NB • FDIS comments resolved in Dec 2013 • See <what?> • Standard will be published as ISO/IEC 8802-1X:2013 in <when> Andrew Myles, Cisco

  22. FDIS ballot on IEEE 802.1AE passed in Oct 2013 and all FDIS comments resolved • 60 day pre-ballot: passed & comments liaised • Submission in N15516 • Pre-ballot passed in 2013 • Voting results in N15556 • Comments from China NB replied to by IEEE 802 in N15608 • FDIS ballot: passed & comments resolved • FDIS passed 16/1/13 on 21 Oct 2013 • Voting results in N15770 • China NB only negative vote, with comments from China NB & Switzerland NB • FDIS comments resolved in Dec 2013 • See <what?> • Standard will be published as ISO/IEC 8802-1AE:2013 in <when> Andrew Myles, Cisco

  23. FDIS on 802.1AB passed in Dec 2013 and FDIS comment resolution in process • 60 day pre-ballot: passed & comments liaised • Submission in N15588 • Pre-ballot passed in May 2013 • Voting results in N15626 • Comments from China replied to in N15659 • FDIS ballot: passed & comments in process • FDIS passed 16/1/16 on 18 Dec 2013 • Voting results in N15829 • China NB only negative vote, with comments from China NB & Switzerland NB • FDIS comments will be resolved in 2014 • Likely to be similar to responses to 802.1X/AE because comments are similar • Standard will be published as ISO/IEC 8802-1AE:2013 in <when> Andrew Myles, Cisco

  24. FDIS on 802.1AR passed in Dec 2013 and FDIS comment resolution in process • 60 day pre-ballot: passed & comments liaised • Submission in N15589 • Pre-ballot passed in May 2013 • Voting results in N15627 • Comments from China replied to in N15659 • FDIS ballot: passed & comments in process • FDIS passed 17/2/16 on 18 Dec 2013 • Voting results in N15830 • China NB & Switzerland NB voted “no” and commented • FDIS comments will be resolved in 2014 • Likely to be similar to responses to 802.1X/AE because comments are similar • Standard will be published as ISO/IEC 8802-1AE:2013 in <when> Andrew Myles, Cisco

  25. FDIS on 802.1AS passed in Dec 2013 and FDIS comment resolution in process • 60 day pre-ballot: passed & comments liaised • Submission in N15590 • Pre-ballot passed in May 2013 • Voting results in N15628 • Comments from China replied to in N15659 • FDIS ballot: passed & comments in process • FDIS passed 18/1/16 on 18 Dec 2013 • Voting results in N15831 • China NB NBvoted “no” and China NB & Switzerland NB commented • FDIS comments will be resolved in 2014 • Likely to be similar to responses to 802.1X/AE because comments are similar • Standard will be published as ISO/IEC 8802-1AE:2013 in <when> Andrew Myles, Cisco

  26. FDIS on 802.11ae closes in Jan 2014 • 60 day pre-ballot: passed & comments liaised • Submission in N15552 • Pre-ballot passed in Feb 2013 • Voting results in N15599 • Comments from China replied to by IEEE 802 in N15647 • The China NB comments are based on their disapproval of IEEE 802.11-2012 • IEEE 802 referred China NB to disposition of comments on IEEE 802.11-2012 • Comments from Japan in N15664 • These comments expressed a concern about having too many amendments outstanding • Japan NB has informally accepted idea that IEEE 802 should be responsible for all maintenance processes • FDIS ballot: closes 28 Jan 2014 Andrew Myles, Cisco

  27. FDIS on 802.11ad closes in Jan 2014 • 60 day pre-ballot: passed & comments liaised • Submission in N15553 • Pre-ballot passed in Feb 2013 • Voting results in N15601 • Comments from China replied to by IEEE 802 in N15647 • The China NB comments are based on their disapproval of IEEE 802.11-2012 • IEEE 802 referred China NB to disposition of comments on IEEE 802.11-2012 • Comments from Japan in N15664 • These comments expressed a concern about having too many amendments outstanding • Japan NB has informally accepted idea that IEEE 802 should be responsible for all maintenance processes • FDIS ballot: closes 28 Jan 2014 Andrew Myles, Cisco

  28. FDIS on 802.11aa closes in Jan 2014 • 60 day pre-ballot: passed & comments liaised • Submission in N15554 • Pre-ballot passed in Feb 2013 • Voting results in N15602 • Comments from China replied to by IEEE 802 in N15647 • The China NB comments are based on their disapproval of IEEE 802.11-2012 • IEEE 802 referred China NB to disposition of comments on IEEE 802.11-2012 • Comments from Japan in N15664 • These comments expressed a concern about having too many amendments outstanding • Japan NB has informally accepted idea that IEEE 802 should be responsible for all maintenance processes • FDIS ballot: closes 28 Jan 2014 Andrew Myles, Cisco

  29. 802.3-2012 passed the pre-ballot, and is awaiting the start to FDIS ballot • 60 day pre-ballot: passed & comments liaised • Submission in N15595 • Pre-ballot passed in May 2013 • Voting results in N15632 • Comments from China were responded to by the 802.3 Maintenance TF in Geneva in N15724 • FDIS ballot: closes 16 Feb 2014 Andrew Myles, Cisco

  30. China NB non recognition of IEEE/IEC/ISO standards is probably not important & may not be allowed • IEEE 802 have been submitting IEEE 802 standards for ratification by ISO/IEC JTC1 using the PSDO agreement, for the purpose of ensuring IEEE 802 standards are recognised as international by everyone • However, the China NB has stated in several recent ballot comments that they may not recognise the IEEE/ISO/IEC standards • For example, in ballot on 802.1AR the China NB states., “… If these issues could not be disposed reasonably and this proposal would have been passing the FDIS ballot, it is regretful for China to be obliged to lose the responsibility and obligation of complying with and adopting the standard. Furthermore, China NB wishes to state for the record.” • This raises various questions: • Is it important? Probably not given the market demand for IEEE 802 based equipment • Can the China NB ban IEEE/ISO/IEC standards under WTO rules? Maybe and maybe not Andrew Myles, Cisco

  31. Can the China NB ban IEEE/ISO/IEC standards under WTO rules? Maybe and maybe not • TBT FAQ provides some information about use of international standards • The Agreement encourages Members to use existing international standards for their national regulations, or for parts of them, unless “their use would be ineffective or inappropriate” to fulfil a given policy objective • This may be the case, for example, “because of fundamental climatic and geographical factors or fundamental technological problems” (Article 2.4) • As explained previously, technical regulations in accordance with relevant international standards are rebuttably presumed “not to create an unnecessary obstacle to international trade” • Similar provisions apply to conformity assessment procedures: international guides or recommendations issued by international standardizing bodies, or the relevant parts of them, are to be used for national procedures for conformity assessment unless they are “inappropriate for the Members concerned for, inter alia, such reasons as national security requirements, prevention of deceptive practices, protection of human health or safety, animal or plant life or health, or protection of the environment; fundamental climatic or other geographical factors; fundamental technological or infrastructural problems” (Article 5.4). Andrew Myles, Cisco

  32. Can the China NB ban IEEE/ISO/IEC standards under WTO rules? Maybe and maybe not • A non expert reading suggests that China could ban IEEE/ISO/IEC standards in some circumstances • If standard is inappropriate or ineffective … • … particularly if it contained fundamental technological problems • … or was contrary to national security requirements • However a ban on IEEE/ISO/IEC standards might be difficult to justify • Any requirement to use a non international standard is automatically an unnecessary obstacle to international trade … and would need to be justified • The China NB has not provided any substantive reasons related to fundamental technological problems or security requirements in the ISO/IEC/IEEE standards • Indeed most other NBs seem to disagree with the China NB Andrew Myles, Cisco

  33. The SC will discuss next steps for processing the FDIS comments on 802.1AS/AR/AB • It is suggested that the 802.1 WG take responsibility for generating responses • Who? <-this is important • Possible actions this week • Generate liaison to SC6 noting comments from China and Switzerland, thanking them and committing to process the comments according the agreed process • Inform SC6 of a possible timetable for comment resolution • Possible actions for later • Process comments • Liaise responses to SC6 • Any objections? Andrew Myles, Cisco

  34. A number of security presentation have been considered by SC6 Andrew Myles, Cisco

  35. A meeting was held in Aug 2013 between the IEEE 802.1/11 and Swiss NB security experts wrt TEPA • The Swiss NB has provided a significant number of comments on various IEEE 802 standards over the last few years • In particular the Swiss NB (mostly Hans-Rudolf Thomann) has had a strong interest in the TEPA based proposals in SC6 from the China NB • This interest has led to significant and important discussions related to the “state of the art” in 802 security standards • Hans-Rudolf Thomann arranged to expand discussions with the Swiss NB to other individuals • Josef Schmidwas included as another Swiss security expert • It was agreed in Geneva that a meeting should be set up between 802.1 and 802.11 security experts and the Swiss NB security experts • The first of a possible series of meetings took place on 27August 2013 Andrew Myles, Cisco

  36. Dan Harkins provided a summary of the August meeting between IEEE 802 & Swiss NB reps • Meeting participants were • IEEE 802 • Bruce Kraemer (Marvell), Karen Randall (Randall Consulting), Jodi Haasz (IEEE), Mick Seaman, Dan Harkins (Aruba Networks), Brian Weis (Cisco), Peter Yee (AKAYLA) • Swiss NB • Hans-Rudolf Thomann (Thomann Consulting), Josef Schmid (FITSU), • Dan provided a meeting summary in Nanjing (from minutes) • Dan Harkins' interpretation of that teleconference is that the Swiss NB has gone backwards in their understanding of what 802.1X entities and TePA entities do in order to perform authentication. • Thomann has been concentrating on the number of entities involved instead of the functionality of those entities. • Thomann says that he will put together a presentation of how he feels that TePA certificate processing is performed in order to help improve mutual understanding. Dan will produce a similar presentation around 802.1X. Andrew Myles, Cisco

  37. Dan Harkins provided a summary of the August meeting between IEEE 802 & Swiss NB reps • Dan provided a meeting summary in Nanjing (from minutes) (continued) • Once these two stories are put straight, it should be possible to return to the Swiss presentation from the Seoul JTC1 meeting and clarify the points it attempted to make. • Bruce Kraemer expressed concern that this dialog is dragging on and that we will end up going into the Ottawa meeting (February 2014) of the JTC1 SC6/WG1 with the same distance between the parties. • Josef Schmid has indicated that the Swiss government has been following the progress of TePA in JTC1, although he has not been able to articulate the reason for the particular interest. • Another discussion between the IEEE delegation and the Swiss NB representative would be highly useful before the Ottawa meeting • The timing for this meeting will be dependent on when Thomann's and Harkins' documents are available. Andrew Myles, Cisco

  38. There has been no further meeting between IEEE 802 and the Swiss NB about TEPA after August • It was intended that further meetings be held after August once Dan Harkins and Hans Rudolf Thomann completed their “homework” • Dan: how certificates are used and validated in 802.1X/EAP-TLS • Hans: how certificates are used and validated in TePA • Dan Harkins reviewed his “homework” to this SC in Dallas; we may review a revised version this week for possible presentation to SC6 • It appears that Hans Rudolf Thomann has declined to complete his “homework” and has instead proposed three new topic areas • The IEEE 802 group responded to Hans Rudolf Thomann by expressing a degree of frustration • An e-mail discussion followed but there was no conclusion and it is not clear it is going anywhere Andrew Myles, Cisco

  39. Hans Rudolf Thoman has proposed three new TePA topics for discussion • Topic 1 • The subject of our current discussion is TePA. TePA is the (generic) mechanism specified by ISO/IEC 9798-3 Amd 1. The China NB has made Powerpoint presentations on certain TePA applications, e.g. TePA-AC targeting port-based access control, like 802.1X. In our discussion this application is a good example. We should however focus on the authentication message exchange in this comparison, as only for TePA, but not for TePA-AC a specification is available. We aim to achieve agreement with you about TePA valid for arbitrary use cases, not just for port-based access control. Andrew Myles, Cisco

  40. Hans Rudolf Thoman has proposed three new TePA topics for discussion • Topic 2 • Basic model and configurations. 802.1X and 9798-3 Amd 1 are network security standards aiming to establish security between OSI-entities at different network locations. The model must therefore be based on OSI-entities. When comparing 802.1X and TePA OSI-entities should be matched. • 802.1X specifies three roles:  supplicant, authenticator and AS. The Supplicant and Authenticator role are always assigned to two different OSI-entities, and 802.1X frequently views them as entities (see e.g. figure 7-2 of 8802-1X:2013. For EAP authentication exchange the AS role is as well necessary.  While it can be co-located with the Authenticator, most port-based network access control applications use a separate Authentication Server, to allow centralized administration of authorized parties and their credentials throughout a network. Andrew Myles, Cisco

  41. Hans Rudolf Thoman has proposed three new TePA topics for discussion • Topic 2 (continued) • In the former case, the model consists of only two entities, in the latter of three entities. The former is the co-located, the latter the remote configuration. TePA  has a three-entity model (A, B, TTP), in TePA-AC mapped to controller, client and AS. • TePA and 802.1X have the same purpose but are functionally different. Entities should be matched according to their network location rather than their functions/roles. TePA and TePA-AC match with the 802.1X remote configuration as follows: • Entity B=Client=Supplicant • Entity A=Controller=Authenticator • TTP=TePA-AC AS=802.1X AS • In the 802.1X collocated configuration rigged-up with an OCSP server, the matching would be TTP=TePA-AC AS=OCSP. Andrew Myles, Cisco

  42. Hans Rudolf Thoman has proposed three new TePA topics for discussion • Topic 3 • The essential feature of TePA is the presence of a TTP. Before entering information exchange with a peer-entity an entity must obtain assurance that the peer-entity is entrusted for the intended kind of information exchange (application). In TePA, this is achieved in two steps: • a. The TTP assures to entity A (B) that the holder of certificate B (A) is entrusted. • b. Entity A (B) obtains proof from entity B (A) that it is the holder of certificate B (A) (mutual authentication). • Trust is defined by  3.4.64 of X.509-2012 as follows: ": Entity X is said to trust entity Y for a set of activities if and only if entity X relies upon entity Y behaving in a particular way with respect to the activities. The emphasized parts illustrate the scope and impact of trust. Andrew Myles, Cisco

  43. Hans Rudolf Thoman has proposed three new TePA topics for discussion • Topic 3 (continued) • Though the current edition of the ISO standard is not specific on what exactly the TTP is doing, the proposers (the Chinese) had applications like TePA-AC in mind. Plain validation of the certificate status and origin converts an open anonymous into an open identified network, but not in a secure network: A network becomes secure by verifying that the certificate holder is admitted to this network. Plain validation of certificate status and origin allows for unauthorized (fake) clients (802.11 STAs) and controllers (802.11 APs): The only thing an attacker needs is a valid certificate! • The TePA TTP performs identity-based access control, using the Identities (see 9798-3 amd 1) of entities A and B. Andrew Myles, Cisco

  44. The IEEE 802 group responded to Hans Rudolf Thoman by expressing a degree of frustration • IEEE 802 response to Hans Rudolf Thoman • We have considered your current and past analyses in considerable detail. However your latest we believe clearly highlights the flaws in your logic • For example, under "2. Basic model and configurations" you say that“Entities should be matched according to their networks location rather than their functions/roles.” • The idea that your model of how TePA works should be applied without regard to the functionality of the entities in 802.1X/EAP, declaring them to be deficient because they are not the same as the TePA entities, is fundamental and invalidates all the analysis that follows • We have tried on many occasions to point out this flaw but do not seem to have succeeded in pointing out that apples vs oranges comparisons have no utility Andrew Myles, Cisco

  45. WAPI has not gone away; it may be re-proposed in SC6 despite uncertainty about the process • WAPI was cancelled as an NP proposal in early 2012 • There was been little discussion of WAPI in SC6 since that time but there is a possibility it might be re-proposed • The process for re-proposing WAPI in SC6 is currently uncertain • There is a claim made at the Korea meeting in June 2013 that the WAPI NP could be un-cancelled by a simple vote of SC6 NBs … • … despite some ambiguity, a case could be made that un-cancelling the WAPI NP requires a new NP ballot • WAPI has not gone away • It has ongoing support in China … • … but WPA2 is being embraced by Chinse SPs anyway • WAPI will have ample government funding for the foreseeable future Andrew Myles, Cisco

  46. There is a claim that the WAPI NP could be un-cancelled by a simple vote of SC6 NBs • At the SC6 meeting in Korea it was asserted that ISO staff have asserted the WAPI NP could be un-cancelled by a simple vote of SC6 NBs • Although it was also noted that the comments on the old NP form would still need to be resolved • The US NB rep asserted that this was contrary to the JTC1 Directives and a new NP ballot would be required • Regardless of the rules, it certainly would seem strange to not completely revise an NP form that was submitted in 2009 • Much of the material in the 2009 NP form is very out of date • It would be even more difficult to resolve comments on the 2009 NP form given the claims about WAPI in the market place have now been proved false by the passage of time • At least three of the five NBs that stated in 2009 that they would provide experts have never done so Andrew Myles, Cisco

  47. Despite some ambiguity, a case could be made that un-cancelling the WAPI NP requires a new NP ballot • The China NB suggested at the time of cancellation they may resubmit WAPI “when a more favorable standardization environment is available” • This assertion was repeated at the SC6 meeting in Korea in June 2013 • The JTC1 Directives are not particularly clear on the process for a project to be re-established once it has been cancelled • The best hint comes from the latest NP Ballot form, which includes an option for: • “THIS PROPOSAL RELATES TO THE RE-ESTABLISHMENT OF A CANCELLED PROJECT AS AN ACTIVE PROJECT” • This form and the latest JTC1 Directives suggest if there was a proposal to re-establish WAPI then: • It would have be sent to a new NP ballot of SC6 NBs • Assuming the ballot passed, any resulting negativecomments would have to be resolved and balloted by the JTC1 NBs Andrew Myles, Cisco

  48. WAPI has not gone away; it has ongoing support in China • WAPI has been an ongoing failure in the marketplace • It does not exist outside China • In China it is widely implemented in mobile phones but rarely deployed • Despite this failure WAPI continues to have support in China • It has been a China National standard since about 2003 • It is required to be implemented in mobile phones in China with Wi-Fi by an (unpublished) regulation • It is required to be implemented in APs used by SPs in China an (unpublished) regulation • It was supported by new government funding as recently as late 2012 • The WAPI Alliance is now leveraging the Snowden affair to promote mandatory use of WAPI Andrew Myles, Cisco

  49. WAPI has not gone away; but WPA2 is being embraced by Chinse SPs anyway  • It appears the Chinese SPs are embracing HS2.0/Passpoint based on 802.11i/WPA2-Enterprise Beijing China Mobile Andrew Myles, Cisco

  50. WAPI has not gone away; WAPI will have ample government funding for the foreseeable future • WAPI has had support from some parts of the Chinese Government for a long time • It appears this support is continuing with the opening of a National Engineering Laboratory in Xi’an in late 2012 • See http://tech.sina.com.cn/t/2012-12-10/01357870879.shtml • The focus of the lab (Google Translate) is to “fight for more international standards to adopt China's WAPI security technologies” • The attendance at the opening of the lab indicated support for its work from: • “National Information Security Management research institutions” • “industry experts” • “China's electric power, petroleum, finance, transportation” industries Andrew Myles, Cisco

More Related