[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Réf. : Re: Réf. : Re: Encryption control of SNDU




As I said, encryption at MPEG level does not allow a per receiver
encryption key.
A PID is "multi receiver" which means that if encryption is applied to TS
packets, all receivers tuned to a given PID should have the same key
and hence each receiver can deencrypte traffic destined to other receivers.
This is no issue if all receivers associated to the same PID are in a
closed group (VPN)
But if not, the question of privacy rises....

I agree that encryption, session securtiy, key exchange can be handled in
another ID.
However, ULE  is still concerned in the way to control and synchronise
this. That is to provide tags allwoing the receiver to know :
- if a received SNDU is encrypted or not
- if yes, which key is used (this is to allow rekeying..)

regards





Alain RITOUX <alain.ritoux@6wind.com>@erg.abdn.ac.uk on 25/02/2004 14:05:34

Veuillez répondre à ip-dvb@erg.abdn.ac.uk

Envoyé par :      owner-ip-dvb@erg.abdn.ac.uk


Pour : ip-dvb@erg.abdn.ac.uk
cc :
Objet :     Re: Réf. : Re: Encryption control of SNDU




Tarif.Zein-Alabedeen@space.alcatel.fr wrote:

>
> Well, L3 IPsec vs L2 encryption is rather an old debate.
Yes, and far from me the will to initiate a flame war ;-)

> Any way, L2 encryption is almost always asked for by satellite providers
to
> allow intrinsic securtiy within the system
> independantly of L3 security. IPsec is an option which is not always
> applied.
> How many poeple do have their DSL link secured with IPsec?
> if this is not dramatic in a wired system since it is rather difficult to
> snif your DSL line, a wireless system is rather vulnerable.
I don't really buy those arguments, but I think this debate is out of
scope of this WG ;-) but I'm ready to have a discussion with you
off-list.

> That is why such L2 securtiy has been provisioned for dvb-rcs systems.
> Encryption at MPEG layer as suggested in the requirements ID
> (draft-fair-ipdvb-req-04.txt) can not allow a per receiver keying
>
> If such a solution is not put into ULE, it may simply turn to be
> inapplicable to dvb-rcs systems :(
can it be managed (including
keying etc ...) at pure MPEG-2 level ? i.e. there's an encryption
done for all traffic using a (some) PID(s), which leaves ULE quite
un-concerned ?

Cheers.
Alain.
--
Alain RITOUX
Tel +33-1-39-30-92-32
Fax +33-1-39-30-92-11
visit our web http://www.6wind.com






T. Zein

ALCATEL SPACE
DRT/RST  --  Ingénieur Systèmes
Tel : 0534356918  /  Fax : 0534355560
Porte : W.220