Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [EFM] OAM developing Geoff's observation.





I guess I have a couple of quick comments on this.  I recognize that the
cable industry is starting to use X.509, but that doesn't make it a
requirement for this or any other group.  Many other protocols and
access technologies have found that that simpler authentication
technologies to be more than sufficient.  

And as you say, the feasibility of this approach has yet to be proven. 
To adopt a technology that has yet to be proven in similar deployment
scenarios seems very unwise.  

And besides, I still think such discussions, however interesting and
applicable to the broad picture of EFM deployment, are outside this
group's responsibilities.  

- Matt

Harry Hvostov wrote:
> 
> Cable industry is deploying X.509 digital certificate and key management
> protocol now. I believe the requirement to
> be quite realistic and a direct consequence of MSO's experience with more
> relaxed authentication mechanisms.
> 
> I believe that the precedent for public access network authentication has
> been set and its feasibility will be proven in the nearest future, with real
> deployments.
> 
> Harry
> 
> -----Original Message-----
> From: Matt Squire [mailto:mattsquire@xxxxxxx]
> Sent: Monday, September 17, 2001 12:51 PM
> To: "HHvostov\"@luminous.com;"@squid.squirehome.org;
> "malcolm.herring\"@btinternet.com"@squid.squirehome.org;
> stds-802-3-efm@ieee.org
> Subject: RE: [EFM] OAM developing Geoff's observation.
> 
> This seems like a new and unrealistic requirement.  Simple password
> authentication has served users well for a long time.  Although I
> understand the benefits of managed certificates, I've also had a taste
> of their complexity and the interoperability problems that lay in wait.
> Managed certificates for authentication cannot be a requirement for EFM
> services.
> 
> - Matt
> 
> >
> > Malcolm,
> >
> > User authentication will likely require the use of digital
> > certificates and
> > key management. As such, this can be transported inside conventional
> > Ethernet frames. There is no requirement for additional
> > concurrent protocol
> > such as PPP to accomplish this.
> >
> > Harry
> >