RE: [EFM] OAM developing Geoff's observation.
Harry,
Can you please clarify the network segment where encryption covers?
Judging from the PPPoE discussion we had, the encryption starts
at the subscriber termination point and it may very well be at the
aggregation box. Not at the CPE.
So the big question is "Is data segration alone satisfy the needs for
security for user data travelling from home/office to the subscriber
termination point?"
-faye
-----Original Message-----
From: Harry Hvostov
Sent: Mon 9/17/2001 3:59 PM
To: 'mattsquire@xxxxxxx';
"HHvostov\"@luminous.com;"@squid.squirehome.org;
"malcolm.herring\"@btinternet.com"@squid.squirehome.org;
stds-802-3-efm@ieee.org
Cc:
Subject: RE: [EFM] OAM developing Geoff's observation.
Cable industry is deploying X.509 digital certificate and key
management
protocol now. I believe the requirement to
be quite realistic and a direct consequence of MSO's experience
with more
relaxed authentication mechanisms.
I believe that the precedent for public access network
authentication has
been set and its feasibility will be proven in the nearest
future, with real
deployments.
Harry
-----Original Message-----
From: Matt Squire [mailto:mattsquire@xxxxxxx]
Sent: Monday, September 17, 2001 12:51 PM
To: "HHvostov\"@luminous.com;"@squid.squirehome.org;
"malcolm.herring\"@btinternet.com"@squid.squirehome.org;
stds-802-3-efm@ieee.org
Subject: RE: [EFM] OAM developing Geoff's observation.
This seems like a new and unrealistic requirement. Simple
password
authentication has served users well for a long time. Although
I
understand the benefits of managed certificates, I've also had a
taste
of their complexity and the interoperability problems that lay
in wait.
Managed certificates for authentication cannot be a requirement
for EFM
services.
- Matt
>
> Malcolm,
>
> User authentication will likely require the use of digital
> certificates and
> key management. As such, this can be transported inside
conventional
> Ethernet frames. There is no requirement for additional
> concurrent protocol
> such as PPP to accomplish this.
>
> Harry
>
winmail.dat