Re: I-D ACTION: draft-cruickshank-ipdvb-sec-req-01.txt

[Gorry Fairhurst <gorry@erg.abdn.ac.uk>]

Prashat,

Thanks for submitting your draft. Focussing for the moment on the 
security requirements and architecture:

Are there any issues that you think you should be addressed in the 
security requirements document that are not currently captured in draft -01?

Or any areas that you think should also be considered?

Gorry

P.Pillai@Bradford.ac.uk wrote:
> Hi William,
>
> The draft (draft-ppillai-ipdvb-sule-00.txt) that I submitted a few days back
> (3rd May) was to look into how the different security requirements of data
> confidentiality, data authentication, data integrity and replay attacks
> prevention can be met by using a modified ULE SNDU. It is not intended to be a
> “security requirement” draft. The reason why I have added the security
> requirement section in my draft is because the security requirements draft
> (draft-cruickshank-ipdvb-sec-req-00.txt) that was submitted a few months back
> did not address all these security requirements.
>
> The new revision of the security draft (draft-cruickshank-ipdvb-sec-req-01.txt)
> submitted on the 9th of May now addresses the need for these different security
> features.
>
> I agree with you that there are performance issues when security overheads would
> be added to ULE. But this is a price that one has to pay to get the security
> services. It is a trade-off. Also there are several hardware accelerators
> present that do enhance the performances of these security algorithms (both for
> encryption and generation of MACs)
>
> Regards
> Prashant Pillai
>
>
>
> Quoting William Stanislaus <williams@calsoft.co.in>:
>
>
> > Hello,
> > I'm a bit confused, sometime before we received similar draft from P.Pillai
> > on the same area ( secure ULE).
> > The security requirements discussed by "draft-ppillai-ipdvb-sule-00.txt" are
> > already discussed in detail by "draft-cruickshank-ipdvb-sec-req-01.txt".
> >
> > In general, the DVB terminals are just a forwarders i.e. Forwards IP packets
> > from DVB interface to Ethernet interface (DVB-S/DVB-RCS) and forwards IP
> > packets from Ethernet interface to DVB interface (DVB-RCS). They don't do
> > much packet processing, that makes the DVB terminal simple and cheaper in
> > performance. I was wondering there was no discussion in these drafts about
> > the performance issues by implementing these security encryptions and
> > decryptions. In these drafts it was referred to IPSEC and its
> > functionalities, but at the same time we should not forget the IPSEC
> > performance degrades and hardware based accelerators
> >
> > Best Regards,
> > William Stanislaus | Technical Consultant
> > Nortel Networks Division | CalSoft
> > email: williams@calsoft.co.in | Mobile: (+91) 98409 10581
> > SkypeIn (VoIP): +1 (650) 515 3738
> > www.californiasw.com
> >
> >
> >
> >
> >
> > > From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
> > > Reply-To: <ipdvb@erg.abdn.ac.uk>
> > > Date: Thu, 11 May 2006 10:23:24 +0100
> > > To: "ipdvb@erg.abdn.ac.uk" <ipdvb@erg.abdn.ac.uk>
> > > Conversation: I-D ACTION: draft-cruickshank-ipdvb-sec-req-01.txt
> > > Subject: I-D ACTION: draft-cruickshank-ipdvb-sec-req-01.txt
> > >
> > >
> > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > directories.
> > >
> > >
> > >    Title        : Security requirements for the Unidirectional
> > >                   Lightweight Encapsulation (ULE) protocol
> > >    Author(s)    : H. Cruickshank, S. Iyengar, L. Duquerroy
> > >    Filename     : draft-cruickshank-ipdvb-sec-req-01.txt
> > >    Pages        : 13
> > >    Date         : 2006-5-09
> > >
> > >
> > >   This document provides a threat analysis and derives security
> > >   requirements for MPEG-2 transmission links using the Unidirectional
> > >   Lightweight Encapsulation (ULE). It also provides the motivation for
> > >   ULE link level security. This work is intended as a work item of the
> > >   ipdvb WG, and contributions are sought from the IETF on this topic.
> > >
> > >
> > > A URL for this Internet-Draft is:
> > > http://www.ietf.org/internet-drafts/draft-cruickshank-ipdvb-sec-req-01.txt
> > >
> > > Internet-Drafts are also available by anonymous FTP. Login with the
> >
> > username
> >
> > > "anonymous" and a password of your e-mail address. After logging in,
> > > type "cd internet-drafts" and then
> > >    "get draft-cruickshank-ipdvb-sec-req-01.txt".
> > >
> > > A list of Internet-Drafts directories can be found in
> > > http://www.ietf.org/shadow.html
> > > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> > >
> > >
> > > Best wishes,
> > >
> > > G Fairhurst
> > > (ipdvb WG Chair)