Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

RE: [EFM] OAM security and authentication




I agree, security and authentication come under Geoff's wider definition of
Ethernet Subscriber Access (ESA) rather than EFM as defined by 802.3, and
therefore are not really part of the layer 1 / layer 2 standards effort.

Bob Barrett

> -----Original Message-----
> From: owner-stds-802-3-efm@majordomo.ieee.org
> [mailto:owner-stds-802-3-efm@majordomo.ieee.org]On Behalf Of Matt Squire
> Sent: 18 September 2001 04:53
> To: Harry Hvostov
> Cc: HHvostov@xxxxxxxxxxxx; malcolm.herring@xxxxxxxxxxxxxx;
> stds-802-3-efm@ieee.org
> Subject: Re: [EFM] OAM developing Geoff's observation.
>
>
>
>
> I guess I have a couple of quick comments on this.  I recognize that the
> cable industry is starting to use X.509, but that doesn't make it a
> requirement for this or any other group.  Many other protocols and
> access technologies have found that that simpler authentication
> technologies to be more than sufficient.
>
> And as you say, the feasibility of this approach has yet to be proven.
> To adopt a technology that has yet to be proven in similar deployment
> scenarios seems very unwise.
>
> And besides, I still think such discussions, however interesting and
> applicable to the broad picture of EFM deployment, are outside this
> group's responsibilities.
>
> - Matt
>
> Harry Hvostov wrote:
> >
> > Cable industry is deploying X.509 digital certificate and key management
> > protocol now. I believe the requirement to
> > be quite realistic and a direct consequence of MSO's experience
> with more
> > relaxed authentication mechanisms.
> >
> > I believe that the precedent for public access network
> authentication has
> > been set and its feasibility will be proven in the nearest
> future, with real
> > deployments.
> >
> > Harry
> >
> > -----Original Message-----
> > From: Matt Squire [mailto:mattsquire@xxxxxxx]
> > Sent: Monday, September 17, 2001 12:51 PM
> > To: "HHvostov\"@luminous.com;"@squid.squirehome.org;
> > "malcolm.herring\"@btinternet.com"@squid.squirehome.org;
> > stds-802-3-efm@ieee.org
> > Subject: RE: [EFM] OAM developing Geoff's observation.
> >
> > This seems like a new and unrealistic requirement.  Simple password
> > authentication has served users well for a long time.  Although I
> > understand the benefits of managed certificates, I've also had a taste
> > of their complexity and the interoperability problems that lay in wait.
> > Managed certificates for authentication cannot be a requirement for EFM
> > services.
> >
> > - Matt
> >
> > >
> > > Malcolm,
> > >
> > > User authentication will likely require the use of digital
> > > certificates and
> > > key management. As such, this can be transported inside conventional
> > > Ethernet frames. There is no requirement for additional
> > > concurrent protocol
> > > such as PPP to accomplish this.
> > >
> > > Harry
> > >