[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: DVB GBS & IETF IPDVB Liaison
I am pleased to have received the following comments from DVB via the
GBS Chair.
These comments concern two ipdvb WG documents that are approaching WGLC
(and a related draft). The comments are provided as inputs to this
working group, and I would encourage people with interest, particularly
in Security, to discuss the issues that are raised to allow the
generation of a final draft-ietf-ipdvb-sec-req-04.txt.
Best wishes,
Gorry Fairhurst
(ipdvb WG Chair)
----
GBS comments as supplied:
- general comments
The good news is that we have only very few comments and these
are on very specific issues. This means that we came to
conclusions most similar to yours and we're hence probably all
on the right track.
- draft-ietf-ipdvb-ule-ext-04.txt
"Extension Formats for Unidirectional Lightweight Encapsulation
(ULE) and the Generic Stream Encapsulation (GSE)"
This appears rather to be an introductory document so we don't
have any security related comments on this one.
- draft-ietf-ipdvb-sec-req-03.txt
"Security requirements for the Unidirectional Lightweight
Encapsulation (ULE) protocol"
This document basically lists the same threat scenarios that we
GBS is considering. So we have nothing to add in this respect.
However we have come to the conclusion that some of these
threats might also require mechanisms at the layer below the IP
encapsulation which we did not see in your document? As GBS is
building on top of a baseband layer which is currently under
development, we of course still have the option of imposing
security requirements on that layer (as opposed to the MPEG-2 TS
which you are building upon)
In section 5.2, when talking about the distribution of IP
streams across PIDs, we think that the 1st and 2nd disadvantage
do not apply in the generality in which they appear to be
stated. In the text above the disadvantages, you correctly say
that _typically_ the IP streams share a PID which implies that
they don't necessarily do so. This aspect is dropped and shared
PID is always assumed when talking about the disadvantages.
- draft-cruickshank-ipdvb-sec-03.txt
"Security Extension for Unidirectional Lightweight Encapsulation
Protocol"
"Receiver NPA address hiding (mandatory)":
draft-ietf-ipdvb-sec-req-03.txt seemed to suggest it were
optional? We would prefer to have it optional.
The PDU type does not seem to be encrypted?
We would suggest opening up for optionally using encrypted MAC
addresses instead of temporary ones.
We truly hope to have been helpful with our review and
comments. Should you in turn have any further comments or questions,
please don't hesitate to contact me.
Please feel free to distribute the comments to all ipdvb members as
you deem appropriate.
Thanks a lot and cheers,
--alexander