Comments on draft-cruickshank security requirements

[Gorry Fairhurst <gorry@erg.abdn.ac.uk>]

I have the following comments which I would like to discuss on the ipdvb
mailing list.

Gorry Fairhurst
(as ipdvb WG Chair)

---

Comments/Issues:

1) Are the scenarios OK? are they applicable to all deployments?  with
satellite, cable, S2, Terrestrial, ATSC, etc?


2) I think we need to tease out the work on what is meant by L2
authentication on pt-2-pt or pt-2-mpt links? Appropriate authentication
methods must be determined... In Internet security ³integrity² is often more
important than ³confidentiality² - but for these links we suggest the
converse is true - since authentication and e2e delivery checks are best
provided at of above the IP Layers... Where do we judge what are the
appropriate goals for level 2 authentication?


3) I didn't understand what you meant by:
Page 9:
/problematic in the case of broadcast networks such as MPEG-2 transmission
networks. /
- why? - because of easy availability of receiver hardware and the wide
geographical span of the networks... or other reasons?


4) I would like to see more references to methods used by DVB/MPEG-2 network
architectures ...
* How is the proposal positioned against technologies from say the IEEE (for
802.14; 802.16).

5) Finally: Algorithm agility is required (crypto algorithms, hashes, become
obsolete and need to be updated) for all IETF security mechanisms, this
should be a clear & distinct requirement for the work this document
proposes.

-----------------------------------------------------------------