21-08-00145-00-0sec-Security_TR_Issue_List.doc
Project
IEEE 802.21 MIHO
<http://www.ieee802.org/21/>
Title
Security TR Issue List
Date
Submitted
May 14, 2008
Source(s)
Yoshihiro Ohba (Toshiba)
Re:
IEEE 802.21 Session #26 in May 2008
Abstract
This document describes a list of issues for Security TR document
Purpose
Security SG discussion
Release
This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for
discussion and is not binding on the contributing individual(s) or organization(s). The material in this
document is subject to change in form and content after further study. The contributor(s) reserve(s) the right
to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this
contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in
the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution;
and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE
Standards publication. The contributor also acknowledges and accepts that this contribution may be made
public by IEEE 802.21.
Patent
Policy
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards
Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding
Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>.
Notice
1
21-08-00145-00-0sec-Security_TR_Issue_List.doc
List of TR issues
Issue
#
1
Status
Issue
Assigned to
Text needed
Shubhranshu
2
Text needed
3
Text needed
4
Text needed
5
Text needed
6
Discuss
7
Discuss
8
Discuss
Add threat analysis
section between
Use Cases sections
and Requirements
Section
In Section 3.1.1,
explanation is
needed on “The CS
PoS may be willing
to direct unknown
MNs”
In Section 3.1.1,
clarification on
role-based and
identity-based
access control
In Section 3.1.1,
clarification on
selecting wellknown IS MIHF
A1.3 needs
rewording
In A1.4, is “MN
does not need DoS
protection or replay
protection from
home domain
MIHFs” a valid
assumption?
In A2.4, is “the The
MN does not need
DoS protection or
replay protection
from visited
domain MIHFs”
valid assumption?
“R1.1: When the
MIHF is in a
network node (NN)
in the home
domain, there shall
be a service that
2
Note
Michael/
Shubhranshu
Resolution agreed. See
08-0153-00.
Michael/
Shubhranshu
Resolution agreed. See
08-0153-00.
Michael/
Shubhranshu
Resolution agreed. See
08-0153-00.
Shubhranshu/M
ichael/Subir
Michael/
Shubhranshu/
Subir
Resolution agreed. See
08-0153-00.
Resolution agreed. See
08-0153-00.
Michael/
Shubhranshu/
Subir
Resolution agreed. See
08-0153-00.
Michael/Shubhr
anshu/Subir
If for example we
specify there is no need
for additional security
when the NN’s are
talking to each other
within the home
21-08-00145-00-0sec-Security_TR_Issue_List.doc
9
Text needed
10
Discuss
11
Discuss
12
Discuss
indicates to the
MIHF that it is in
the home domain
and the other NN
MIHFs are also in
the home domain.”
What is the service?
Same comment for
R1.2, R2.1 and
R2.2.
Terminology
Lily/
section is needed
Michael
for MIH security
Are a Flow Chart
and changes to the
Use Cases
described in 21-080130-00-0sec-mihsecurity-use-casesamples.doc
needed?
Discussion needed
on A1.a and A1.b
Lily/
Michael/
Subir
Need to merge
bullet 3 and 4 of
section 1.1.3.1.1
Shubhranshu
3
Shubhranshu/M
ichael/Subir
network, they need to
know they are both in
the home network.
Propose to take Lily’s
terms from her
presentation and
modify them, and put
into 1.3 for starters.
Some of the changes
should be brought in.
Propose to revise the
definitions according to
doc xxx. Need
contribution to modify
TR according to the
changes.
There was
misunderstanding about
the risks. Network
nodes inside a network
are usually protected
when talking to each
other.
Open