[ipcdn] Protocol Action: 'Management Information Base for DOCSIS Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 26 January 2005 17:53 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1Ctr62-0000kQ-Hk@megatron.ietf.org>
Date: Wed, 26 Jan 2005 12:36:50 -0500
Cc: ipcdn mailing list <ipcdn@ietf.org>, Internet Architecture Board <iab@iab.org>, ipcdn chair <RWoundy@broadband.att.com>, ipcdn chair <Richard_Woundy@cable.comcast.com>, ipcdn chair <jf.mule@cablelabs.com>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [ipcdn] Protocol Action: 'Management Information Base for DOCSIS Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus' to Proposed Standard

The IESG has approved the following document:

- 'Management Information Base for DOCSIS Cable Modems and Cable Modem 
   Termination Systems for Baseline Privacy Plus '
   <draft-ietf-ipcdn-bpiplus-mib-15.txt> as a Proposed Standard

This document is the product of the IP over Cable Data Network Working Group. 

The IESG contact persons are Bert Wijnen and David Kessens.

Technical Summary
 
   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines a set of managed objects for SNMP based
   management of the Baseline Privacy Plus features of DOCSIS 1.1 and
   DOCSIS 2.0 compliant Cable Modems and Cable Modem Termination
   Systems. 

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines a set of managed objects for SNMP based
   management of the Baseline Privacy Plus features of DOCSIS 1.1 and
   DOCSIS 2.0 (Data-over-Cable Service Interface Specification)
   compliant Cable Modems and Cable Modem Termination

Working Group Summary
 
   There is Working Group consensus to publish this document as a
   Proposed Standard. 

Protocol Quality
 
   This document was reviewed for the IESG by Bert Wijnen.

RFC-Editor note:

Please replace the last para of sect 7

OLD:
    BPI+ Encryption Algorithms:
    BPI+ Traffic Encryption Keys TEK (see [1]) uses DES
    (Data Encryption Standard) 56 or 40 bits encryption ciphers.
    Due DES cryptographic strength weakness, future revisions of BPI+
    specification [1] should introduce advanced encryption algorithms
    to overcome the progress in cheaper and faster decryption tools.
    Traffic Encryption Keys (TEK) are configured per CM and per BPI+
    multicast group which may reduce the threat of the DES weakness for
    the overall system. The time to crack DES could be additionally
    mitigated by a compromised value for the TEK lifetime and Grace Time
    (up to a minimum of 30 minutes for the TEK lifetime, see
    Appendix A [1]).
    Not exempt of the same recommendations as above, The CM BPI+
    Authorization protocol uses triple DES encryption,
    which offers improved robustness compared to DES for CM
    Authorization and TEK re-key management.
NEW:
    BPI+ Encryption Algorithms:
    The BPI+ Traffic Encryption Keys (TEK) defined in the DOCSIS BPI+
    specification [1] use 40-bit or 56-bit DES for encryption (DES 
    CBC mode). There is currently no mechanism or algorithm defined
    for data integrity.
    Due to the DES cryptographic weaknesses, future revisions of the
    DOCSIS BPI+ specification should introduce more advanced encryption
    algorithms as proposed in the DocsBpkmDataEncryptAlg textual
    convention to overcome the progress in cheaper and faster hardware
    or software decryption tools. Future revisions of the DOCSIS BPI+
    specification [1] should also adopt authentication algorithms as
    described in DocsBpkmDataAuthentAlg textual convention. 
    It is important to note that frequent key changes do not necessarily
    help to mitigate or reduce the risks of a DES attack. Indeed, the
    traffic encryption keys which are configured on a per cable modem
    basis and per BPI+ multicast group can be utilized to decrypt old
    traffic even when they are no longer in active use.
    Note that not exempt of the same recommendations as above, the CM
    BPI+ authorization protocol uses triple DES encryption, which
    offers improved robustness compared to DES for CM authorization
    and TEK re-key management.
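
The NEW text's point that frequent key changes do not necessarily reduce the DES risk, as an added model that is not part of the IESG message or the MIB document: TEKs of a recorded capture are searched offline one after another, and the result shows how much recorded traffic becomes readable and whether any key was still active when it was found. The capture length, work budget and search rate are constructed assumptions, not measurements.

```python
from dataclasses import dataclass

@dataclass
class Exposure:
    keys_used: int            # TEKs needed to cover the capture
    search_s_per_key: float   # expected offline search time for one TEK
    broken_while_active: int  # TEKs found before their own lifetime ended
    recovered_s: int          # seconds of recorded traffic readable within budget

def expected_search_s(key_bits: int, keys_per_s: float) -> float:
    """Average exhaustive-search time: half the keyspace at the given rate."""
    return 2 ** (key_bits - 1) / keys_per_s

def exposure(capture_s: int, tek_lifetime_s: int, key_bits: int,
             keys_per_s: float, budget_s: float) -> Exposure:
    """Search the TEKs of a recorded capture one after another, offline."""
    per_key = expected_search_s(key_bits, keys_per_s)
    keys_used = -(-capture_s // tek_lifetime_s)  # ceiling division
    clock, active, recovered = 0.0, 0, 0
    for i in range(keys_used):
        start = i * tek_lifetime_s
        end = min(start + tek_lifetime_s, capture_s)
        done = max(clock, start) + per_key  # cannot start before traffic exists
        if done > budget_s:
            break
        clock = done
        recovered += end - start            # this interval is now readable
        if done < start + tek_lifetime_s:
            active += 1                     # key fell while still in use
    return Exposure(keys_used, per_key, active, recovered)

# Constructed inputs: a 24 h capture, one year of offline work, and an assumed
# search rate of 2**32 keys/s (an illustrative figure, not a benchmark).
DAY, YEAR, RATE = 86_400, 365 * 86_400, 2 ** 32
LONG = exposure(DAY, 12 * 3600, 56, RATE, YEAR)   # 56-bit DES, 12 h lifetime
SHORT = exposure(DAY, 30 * 60, 56, RATE, YEAR)    # 56-bit DES, 30 min lifetime
WEAK = exposure(DAY, 30 * 60, 40, RATE, YEAR)     # 40-bit DES, 30 min lifetime

if __name__ == "__main__":
    for name, e in (("56-bit/12h", LONG), ("56-bit/30min", SHORT),
                    ("40-bit/30min", WEAK)):
        print(name, e)
```

Under these assumptions no 56-bit TEK is found while it is active at either lifetime, yet traffic recorded under it becomes readable afterwards at the same per-key cost; a shorter lifetime only limits how much each recovered key exposes. At 40 bits every TEK is found well inside a 30-minute lifetime.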

