Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

RE: [EFM] OAM developing Geoff's observation.



Harry,
 
Can you please clarify the network segment where encryption covers?  
Judging from the PPPoE discussion we had, the encryption starts
at the subscriber termination point and it may very well be at the
aggregation box.  Not at the CPE.  
 
So the big question is "Is data segration alone satisfy the needs for
security for user data travelling from home/office to the subscriber
termination point?"
 
-faye

	-----Original Message----- 
	From: Harry Hvostov 
	Sent: Mon 9/17/2001 3:59 PM 
	To: 'mattsquire@xxxxxxx';
"HHvostov\"@luminous.com;"@squid.squirehome.org;
"malcolm.herring\"@btinternet.com"@squid.squirehome.org;
stds-802-3-efm@ieee.org 
	Cc: 
	Subject: RE: [EFM] OAM developing Geoff's observation.
	
	


	Cable industry is deploying X.509 digital certificate and key
management
	protocol now. I believe the requirement to
	be quite realistic and a direct consequence of MSO's experience
with more
	relaxed authentication mechanisms.
	
	I believe that the precedent for public access network
authentication has
	been set and its feasibility will be proven in the nearest
future, with real
	deployments.
	
	Harry
	
	-----Original Message-----
	From: Matt Squire [mailto:mattsquire@xxxxxxx]
	Sent: Monday, September 17, 2001 12:51 PM
	To: "HHvostov\"@luminous.com;"@squid.squirehome.org;
	"malcolm.herring\"@btinternet.com"@squid.squirehome.org;
	stds-802-3-efm@ieee.org
	Subject: RE: [EFM] OAM developing Geoff's observation.
	
	
	
	
	This seems like a new and unrealistic requirement.  Simple
password
	authentication has served users well for a long time.  Although
I
	understand the benefits of managed certificates, I've also had a
taste
	of their complexity and the interoperability problems that lay
in wait.
	Managed certificates for authentication cannot be a requirement
for EFM
	services. 
	
	- Matt
	
	>
	> Malcolm,
	>
	> User authentication will likely require the use of digital
	> certificates and
	> key management. As such, this can be transported inside
conventional
	> Ethernet frames. There is no requirement for additional
	> concurrent protocol
	> such as PPP to accomplish this.
	>
	> Harry
	>
	

winmail.dat