RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib-14
Russ Housley <housley@vigilsec.com> Thu, 07 October 2004 13:38 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA15750 for <ipcdn-archive@ietf.org>; Thu, 7 Oct 2004 09:38:40 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CFYdQ-0005GQ-5m for ipcdn-archive@ietf.org; Thu, 07 Oct 2004 09:48:45 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CFYPH-0003wk-Ec; Thu, 07 Oct 2004 09:34:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CFLCO-0002ob-He for ipcdn@megatron.ietf.org; Wed, 06 Oct 2004 19:27:56 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA29068 for <ipcdn@ietf.org>; Wed, 6 Oct 2004 19:27:52 -0400 (EDT)
Received: from woodstock.binhost.com ([144.202.240.3]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1CFLLx-0003Ek-HH for ipcdn@ietf.org; Wed, 06 Oct 2004 19:37:51 -0400
Received: (qmail 15223 invoked by uid 0); 6 Oct 2004 23:27:45 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (64.221.254.66) by woodstock.binhost.com with SMTP; 6 Oct 2004 23:27:45 -0000
Message-Id: <6.1.2.0.2.20041006192237.08786820@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0
Date: Wed, 06 Oct 2004 19:27:29 -0400
To: Jean-Francois Mule <jf.mule@cablelabs.com>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib-14
In-Reply-To: <CD6CE349CFD30D40BF5E13B3E0D8480406A3BE@srvxchg.cablelabs.c om>
References: <CD6CE349CFD30D40BF5E13B3E0D8480406A3BE@srvxchg.cablelabs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
X-Mailman-Approved-At: Thu, 07 Oct 2004 09:34:06 -0400
Cc: ipcdn@ietf.org, bwijnen@lucent.com, Eduardo Cardona <e.cardona@cablelabs.com>, Greg White <g.white@cablelabs.com>, Oscar Marcia <o.marcia@cablelabs.com>, "Richard Woundy @ Comcast" <Richard_woundy@cable.comcast.com>, Eric Rosenfeld <e.rosenfeld@cablelabs.com>, "Steven M. Bellovin" <smb@research.att.com>
X-BeenThere: ipcdn@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP over Cable Data Network <ipcdn.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipcdn>, <mailto:ipcdn-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipcdn@ietf.org>
List-Help: <mailto:ipcdn-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipcdn>, <mailto:ipcdn-request@ietf.org?subject=subscribe>
Sender: ipcdn-bounces@ietf.org
Errors-To: ipcdn-bounces@ietf.org
X-Spam-Score: 2.9 (++)
X-Scan-Signature: f4c2cf0bccc868e4cc88dace71fb3f44
Jean-Francois: > > >--- 2. Lack of strong encryption & authentication mechanism in DOCSIS > > >BPI+ >[snip] > > > Symmetric encryption: > > > AES (AES128CbcMode, AES256CbcMode), 3DES, DES > > > ^^^ new addition, optional to support Fine. >You wrote: > > You need to specify a mode for 3DES too. It will probably be > > CBC like the > > rest of the algorithms you support. > >Yes. The following has been proposed: > t3DES128EdeMode - equivalent to openssl's DES_ecb2_encrypt() two-key > Triple-DES ECB > t3DES128CbcMode - equivalent to openssl's DES_ede2_cbc_encrypt() two-key > Triple-DES CBC I seriously doubt that t3DES128EdeMode is useful in this context. ECB had some properties that are probably bad in this environment. >PS: as a separate note, should the IETF be defining a set of crypto MIB >textual-conventions for the crypto libraries (like some of the ones in the >openssl lib http://www.openssl.org/docs/crypto/crypto.html)? I do not think this is needed. It certainly does not belong in this document. > > > Data integrity algorithms: > > > SHA-1, SHA-256, MD5 > > > ^ new addition, optional to support > > >You wrote: > > I expected HMAC-SHA-1. This can be truncated as is done in > > IPsec. Look at > > the HMAC-SHA1-96 definition for an example. > >The following has been proposed: >HMAC-SHA1-96 and HMAC-SHA1-128 Fine. > > MD5 is certainly not a good thing to add at this point. >Ok. Good. Russ _______________________________________________ IPCDN mailing list IPCDN@ietf.org https://www1.ietf.org/mailman/listinfo/ipcdn
- [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib… Wijnen, Bert (Bert)
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Eduardo Cardona
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Eduardo Cardona
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Jean-Francois Mule
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Russ Housley
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Eduardo Cardona
- Re: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Steven M. Bellovin
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Jean-Francois Mule
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Russ Housley
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Jean-Francois Mule
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Russ Housley