OIF Establishes Security for UNI and NNI

Tyler Durden camera_lumina at hotmail.com
Thu May 15 12:10:15 PDT 2003 

For the transport/optical networking folks.

Come to think of it, it is suprising that this hadn't been tackled soon, 
given the potential consequences of a compromised UNI, and given that UNI 
1.0 was settled upon back in early 2001 or so.


-TD


FREMONT, Calif. -- In the wake of its quarterly meeting in Scottsdale, 
Arizona last week, the Optical Internetworking Forum (OIF) announced 
approval of the Security Extension for the User-to-Network Interface (UNI) 
and Network-to-Network Interface (NNI) Implementation Agreement (IA). The IA 
is the result of the combined efforts of the OIF's Architecture Working 
Group (WG), Carrier WG, Signaling WG and Operations Administration, 
Maintenance, & Provisioning (OAM&P) WG. The IA focuses on security for 
management interfaces and the auditing and logging of optical transport 
network elements.

"Work on this implementation agreement began by identifying carriers' 
security requirements and then evaluating alternative solutions," said Joe 
Berthold, CIENA Corporation, president of the OIF. "The Security Extension 
IA is an example of multiple OIF working groups collaborating to better the 
industry."

The Security IA defines a common extension for securing the protocols used 
in the UNI 1.0 IA and the UNI 2.0 and NNI works in progress. The IA was 
written to provide a common set of security mechanisms required to protect 
the signaling and routing of optical connections. These mechanisms safeguard 
transport networks against attacks that may compromise their control planes, 
seek unauthorized use of their resources or attempt to gain unauthorized 
information about their configuration and usage. To counter these threats, 
the IA was developed to protect the UNI signaling control channel(s). The 
Security Extension IA provides options for more extended coverage, defines a 
common method to secure additional protocols, allows compatibility between 
UNI and NNI security and reduces the need for manual intervention. The IA 
defines an optional-to-implement profile of the IETF's IPsec so signaling 
protocols that can be protected with mutual authentication, key management, 
message integrity, replay detection and confidentiality in a standard, 
widely-implemented, interoperable manner.

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus

More information about the cypherpunks-legacy mailing list