Roy,
Exactly! Don't have a good answer. If we are trying to keep
the
cost of the CPE down, pushing for encryption for that segment will be
hard.
But if we don't, does it still meet the security requirement?
Or does data
segration suffice?
-faye
-----Original Message----- From: Roy Bynum
Sent: Mon 9/17/2001 5:41 PM To: Faye Ly; Harry Hvostov;
mattsquire@xxxxxxx; "HHvostov\"@luminous.com;"@squid.squirehome.org;
"malcolm.herring\"@btinternet.com"@squid.squirehome.org;
stds-802-3-efm@ieee.org Cc: Subject: RE: [EFM] OAM
developing Geoff's observation.
Faye,
The real question, since the encryption is at the
aggregation "box" then how much of that would apply to EFM which is between
the aggregation "box" and the CPE or does this issue even apply at
all?
Thank you, Roy Bynum
At 05:28 PM 9/17/01 -0700, Faye
Ly wrote: >Harry, > >Can you please clarify the network
segment where encryption covers? >Judging from the PPPoE discussion we
had, the encryption starts >at the subscriber termination point and it
may very well be at the >aggregation box. Not at the
CPE. > >So the big question is "Is data segration alone satisfy
the needs for >security for user data travelling from home/office to the
subscriber >termination
point?" > >-faye > >
-----Original
Message----- > From:
Harry Hvostov > Sent:
Mon 9/17/2001 3:59 PM >
To:
'mattsquire@acm.org'; >"HHvostov\"@luminous.com;"@squid.squirehome.org; >"malcolm.herring\"@btinternet.com"@squid.squirehome.org; >stds-802-3-efm@ieee.org >
Cc: > Subject: RE: [EFM]
OAM developing Geoff's
observation. > > > > >
Cable industry is deploying X.509 digital certificate and
key >management >
protocol now. I believe the requirement
to > be quite realistic
and a direct consequence of MSO's experience >with
more > relaxed
authentication
mechanisms. > > I
believe that the precedent for public access network >authentication
has > been set and its
feasibility will be proven in the nearest >future, with
real >
deployments. > >
Harry > >
-----Original
Message----- > From:
Matt Squire [mailto:mattsquire@xxxxxxx] >
Sent: Monday, September 17, 2001 12:51
PM > To:
"HHvostov\"@luminous.com;"@squid.squirehome.org; >
"malcolm.herring\"@btinternet.com"@squid.squirehome.org; >
stds-802-3-efm@ieee.org >
Subject: RE: [EFM] OAM developing Geoff's
observation. > > > > >
This seems like a new and unrealistic requirement.
Simple >password >
authentication has served users well for a long time.
Although >I >
understand the benefits of managed certificates, I've also had
a >taste > of
their complexity and the interoperability problems that lay >in
wait. > Managed
certificates for authentication cannot be a requirement >for
EFM >
services. > > -
Matt > >
> > >
Malcolm, >
> > > User
authentication will likely require the use of
digital > >
certificates and > >
key management. As such, this can be transported
inside >conventional >
> Ethernet frames. There is no requirement for
additional > >
concurrent protocol >
> such as PPP to accomplish
this. >
> > >
Harry >
> >
|