[ipcdn] FW: DISCUSS: draft-ietf-ipcdn-bpiplus-mib
"Wijnen, Bert (Bert)" <bwijnen@lucent.com> Thu, 23 September 2004 19:21 UTC
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
To: "Ipcdn (E-mail)" <ipcdn@ietf.org>
Date: Thu, 23 Sep 2004 21:01:16 +0200
FYI and possible follow up

-----Original Message-----
From: Steve Bellovin [mailto:smb@research.att.com]
Sent: Thursday, September 23, 2004 20:07
To: iesg@ietf.org
Subject: DISCUSS: draft-ietf-ipcdn-bpiplus-mib

I concur in Russ' comments about the lack of any suitably strong crypto algorithms. 40-bit DES is, frankly, an embarrassment at this point. Yes, I realize that DOCSIS isn't doing it right yet; that's no reason for us to do it wrong. We should put the code points into the MIB now, and let them catch up. But I'll let Russ hold that part of the DISCUSS (as well as the note that authentication algorithms are needed.)

The Security Considerations section says

    The time to crack DES could be additionally mitigated by a
    compromised value for the TEK lifetime and Grace Time (up to a
    minimum of 30 minutes for the TEK lifetime, see Appendix A [1]).

That's only partially correct. These keys are confidentiality keys; they're still valuable even after they're no longer in active use, because they can be used to decrypt old traffic. (By contrast, old authentication keys are useless to an attacker.)

--Steve Bellovin, http://www.research.att.com/~smb