[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: ULE SEC REQ draft rev -03

To: Michael Noisternig <mnoist@cosy.sbg.ac.at>
Subject: Re: Fwd: ULE SEC REQ draft rev -03
From: Prashant Pillai <P.Pillai@Bradford.ac.uk>
Date: Thu, 05 Jul 2007 12:44:06 +0100
Cc: ipdvb@erg.abdn.ac.uk
In-reply-to: <>
Reply-to: ipdvb@erg.abdn.ac.uk
Sender: owner-ipdvb@erg.abdn.ac.uk
User-agent: Internet Messaging Program (IMP) 3.2.7

Hi Michael,

Firstly thanks for your feedback amd comments to the draft.

Regarding this paragraph from your modifications. It was only removed because we
were not very comfortable with the wordings. See Inline

Quoting Michael Noisternig <mnoist@cosy.sbg.ac.at>:

> Dear draft authors,
>
> I am missing the following particular paragraph from my edits within
> section 3.1 (between the last and the but-last paragraph):
>
> > However, the end-points of a communication might not be under central
> > control (such as when browsing the public internet), and then it may not
> > be possible to rely on end-to-end security.

End-to-end security has nothing to do with central control. Only the two
comunicating end parties are resposible for seting up any end-to-end security.
So this sentance is quite misleading as we should be able to use end-to-end
security withought any central control.

> > ULE link security will then
> > provide protection against attacks on the weakest link within the
> > communication chain, i.e. the ULE broadcast link (see section 3.2).

I am not sure if the ULE link would be the weakest link. Especially when data is
sent over the interent (the case of wesbites like you mention) I would consider
the fixed links to be vulnerable also.

>
> I think it is a case important enough to be outlined, i.e. a case where
> an "ordinary" end-user (compared to a company) has no possibility to
> enforce end-to-end security, yet he does not want "the whole world" to
> potentially see the data he receives (e.g. the web sites he visits).
> It demonstrates another reason for why ULE link layer security is
> desirable, IMO.

As discussed above, I also do not really see the point of only securing the ULE
link when the interet link is unsecured. Securing only part of the link IMO
will make the other link the weakest link.

> Do you disagree?
>
> (The wording of cited paragraph should be reworked in part, though.)
>
> Michael

Regards
Prashant

==========================================================
Dr Prashant Pillai
Mobile and Satellite Communications Research Centre (MSCRC)
School of Engineering, Design & Technology (EDT2)
University of Bradford
Bradford, West Yorkshire BD7 1DP.
Tel: +44(0)1274 233720
Email: p.pillai@bradford.ac.uk
==========================================================
------------------------------------------------------------
This mail sent through IMP: http://webmail.brad.ac.uk
To report misuse from this email address forward the message
and full headers to misuse@bradford.ac.uk
------------------------------------------------------------

Follow-Ups:
- Re: Fwd: ULE SEC REQ draft rev -03
  - From: Michael Noisternig <mnoist@cosy.sbg.ac.at>

References:
- Re: Fwd: ULE SEC REQ draft rev -03
  - From: Michael Noisternig <mnoist@cosy.sbg.ac.at>

Prev by Date: Re: Fwd: ULE SEC REQ draft rev -03
Next by Date: Re: Fwd: ULE SEC REQ draft rev -03
Previous by thread: Re: Fwd: ULE SEC REQ draft rev -03
Next by thread: Re: Fwd: ULE SEC REQ draft rev -03
Index(es):
- Date
- Thread