RE: Boiling it down to the essential M
I'm not convinced that your confidence in transmission line security
is universal. There's certainly good business in encryption.
There are also lots of new chips that can parse SONET quite inexpensively,
so once the stream can be tapped, the information can be extracted.
I don't quite see why you conclude that my arguments assume anything
about the mutual ownership of the data and the service hardware.
Encryption certainly assumes the opposite, that the data owner does
not trust the transmission operators.
-hwc
-----Original Message-----
From: Roy Bynum [mailto:rabynum@xxxxxxxxxxx]
Sent: Wednesday, September 08, 1999 6:09 PM
To: Hon Wah Chin
Subject: Re: Boiling it down to the essential M
Hon,
If what you say is true, why is any data sent over transmission lines
considered secure? It is because it takes a data system to look at the
data; a transmission network element cannot look at the customer traffic.
All transmission network elements have network management that is out of
band with the customer traffic. This is true of an LTE, regenerator,
amplifier, MUX, DXC, or any other transmission service equipment. Your
arguments are assuming that the owner of the data also owns all of the
transmission service fiber and elements, which is not true. Your arguments
are without knowledge of how transmission systems and equipment are
designed, deployed, and operated.
Thank you,
Roy Bynum
MCI WorldCom
> I explicitly addressed the saturation issue.
>
> I submit that anyone with access to the line
> (SONET/IP/Ethernet or whatever) can tap it regardless of
> "in-band" or "out-of-band" access. 802.10, VPNs and
> encryption are the approaches being used for security.
> No reason to assume that someone with access to the signal
> has no access to parse the standard frame format.
>
> -hwc
>
> -----Original Message-----
> From: Roy Bynum [mailto:rabynum@xxxxxxxxxxx]
> Sent: Sunday, September 05, 1999 1:22 PM
> To: Hon Wah Chin
> Cc: 'stds-802-3-hssg@xxxxxxxx'
> Subject: Re: Boiling it down to the essential M
>
> Hon,
>
> The problem with the architecture of using in band TCP/IP network
> management at the regenerator sites is that it requires the processing of
> each and every data packet to determine if it is for the regenerator. It
> also requires that the regenerator insert data traffic in band into what
> could already be a fully saturated data stream. It also provides a
> security breach entry point for someone who got access to the regenerator
> to now have full access to the data stream. Since most regenerator sites
> are somewhere in the countryside and unmanned, this is a major security
> risk. I don't think that very many companies will buy this when they
> understand the risks.
>
> Thank you,
> Roy Bynum
> MCI WorldCom