[ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib-14
"Wijnen, Bert (Bert)" <bwijnen@lucent.com> Thu, 23 September 2004 12:19 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA06060 for <ipcdn-archive@ietf.org>; Thu, 23 Sep 2004 08:19:29 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CASgB-0006fP-9d for ipcdn-archive@ietf.org; Thu, 23 Sep 2004 08:26:31 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CASVW-0000SN-0H; Thu, 23 Sep 2004 08:15:30 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CASSm-00005u-E8 for ipcdn@megatron.ietf.org; Thu, 23 Sep 2004 08:12:40 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA05654 for <ipcdn@ietf.org>; Thu, 23 Sep 2004 08:12:38 -0400 (EDT)
Received: from ihemail2.lucent.com ([192.11.222.163]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CASZZ-0006XR-1R for ipcdn@ietf.org; Thu, 23 Sep 2004 08:19:41 -0400
Received: from nl0006exch001h.wins.lucent.com (h135-85-76-62.lucent.com [135.85.76.62]) by ihemail2.lucent.com (8.12.11/8.12.11) with ESMTP id i8NCC7Sw026833 for <ipcdn@ietf.org>; Thu, 23 Sep 2004 07:12:08 -0500 (CDT)
Received: by nl0006exch001h.nl.lucent.com with Internet Mail Service (5.5.2657.72) id <RLRKKJFB>; Thu, 23 Sep 2004 14:12:07 +0200
Message-ID: <7D5D48D2CAA3D84C813F5B154F43B15503C79CC2@nl0006exch001u.nl.lucent.com>
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
To: "Ipcdn (E-mail)" <ipcdn@ietf.org>
Date: Thu, 23 Sep 2004 14:12:04 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1
Subject: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib-14
X-BeenThere: ipcdn@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP over Cable Data Network <ipcdn.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipcdn>, <mailto:ipcdn-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipcdn@ietf.org>
List-Help: <mailto:ipcdn-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipcdn>, <mailto:ipcdn-request@ietf.org?subject=subscribe>
Sender: ipcdn-bounces@ietf.org
Errors-To: ipcdn-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f66b12316365a3fe519e75911daf28a8
I am forwarding IESG comments as I receive them. Answers are fine. Pls do not yet submit a changed document untill we get ALL the IESG comments. Should be around Tuesday next week. Bert -----Original Message----- From: Russ Housley [mailto:housley@vigilsec.com] Sent: Wednesday, September 22, 2004 21:51 To: iesg@ietf.org Subject: DISCUSS: draft-ietf-ipcdn-bpiplus-mib-14 Management Information Base for DOCSIS Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus (Proposed Standard) DISCUSS The definition of docsBpi2CmPublicKey begins: : : docsBpi2CmPublicKey OBJECT-TYPE : SYNTAX OCTET STRING (SIZE (74|106|140|204|270)) : The selection of these few octet string sizes is inappropriate. PKCS #1 encoding of an RSA public key is a SEQUENCE of two INTEGERs. One example of an acceptable RSA public key that cannot be accommodated by this definition follows. It is 139 octets. 0 30 137: SEQUENCE { 3 02 129: INTEGER : 00 DD D8 49 85 DD 76 BE 9C 64 D2 6A 0C B3 3A 14 : 0B 37 A5 60 97 90 40 3D C0 C6 9C 01 FB D0 6F B6 : 49 56 E5 1A 44 F7 C7 1D 23 4C 91 A2 6F BE F7 9A : D0 5F F0 88 9A 01 A2 0A 20 78 22 45 1A 9D 77 8F : CA 14 3E 75 44 3C D6 67 16 21 E5 42 B5 EC BF 62 : 6C 09 0E 4D D9 79 D0 55 82 5C 9C FD B1 B9 B6 A6 : 5B 42 83 FA 90 1E 74 3F 5C 1C 1F D8 73 40 94 3C : 9A 9F 2A 04 FE ED 8C 69 C3 0E 10 A6 3B 0B A7 A4 : CD 135 02 3: INTEGER 65537 : } I do not believe that a five (or even ten) specific sizes can be chosen that accommodate all valid RSA public keys. The definition of docsBpi2CmtsAuthCmPublicKey has the same problem. The definition of docsBpi2CmTEKDataEncryptAlg begins: : : docsBpi2CmTEKDataEncryptAlg OBJECT-TYPE : SYNTAX INTEGER { : none(0), : des56CbcMode(1), : des40CbcMode(2) : } : And, the definition of docsBpi2CmTEKDataAuthentAlg begins: : : docsBpi2CmTEKDataAuthentAlg OBJECT-TYPE : SYNTAX INTEGER { : none(0) : } : These same values are also used in the docsBpi2CmCryptoSuiteDataEncryptAlg, docsBpi2CmCryptoSuiteDataAuthentAlg, docsBpi2CmtsTEKDataEncryptAlg, docsBpi2CmtsTEKDataAuthentAlg, docsBpi2CmtsIpMulticastDataEncryptAlg, and docsBpi2CmtsIpMulticastDataAuthentAlg definitions. None of the encryption algorithm choices is a strong encryption algorithm. Also, the encryption algorithm choice do not provide integrity, so they ought to be used with an integrity algorithm, but none are specified. Can we get a strong encryption algorithm added to the list? Can we get an strong integrity algorithm specified? If not, the last few paragraphs of of the Security Considerations need to be made much more forceful. COMMENT Please delete the second paragraph of the Abstract prior to publication as an RFC. In the Abstract: s/DOCSIS1.1/DOCSIS 1.1/ _______________________________________________ IPCDN mailing list IPCDN@ietf.org https://www1.ietf.org/mailman/listinfo/ipcdn
- [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib… Wijnen, Bert (Bert)
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Eduardo Cardona
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Eduardo Cardona
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Jean-Francois Mule
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Russ Housley
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Eduardo Cardona
- Re: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Steven M. Bellovin
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Jean-Francois Mule
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Russ Housley
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Jean-Francois Mule
- RE: [ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus… Russ Housley