[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: ULE SEC REQ draft rev -03



I'm not sure what the issue is here. The paragraph that was cited form I-D seems to be speaking about authentication, which ultimately becomes a host-to-host (or security gateway-to-security gateway, etc).

Your text seems to touch on something different: If you are suggesting motivating the advantage of securing the "weakest" link (which at least for eaves-dropping, could be the broadcast link), then this seems a reasonable thing to point to in the introduction perhaps?

Gorry


Michael Noisternig wrote:
Hi,

I Agree with Prashants view on this. The reason being it is already mentioned in the draft that wired links are difficult to intercept. IMO


Right. But my point was not to state once more that the wireless ULE broadcast link is more vulnerable but to present a showcase where there is no way to enforce end-to-end security, and thus to point out more explicitely that a solution for securing the ULE link only is very desirable.
This is in contrast to the current draft which only says
"...if authentication of the end-point i.e. the IP Sources is required,
       or users are concerned about loss of confidentiality, integrity
       or authenticity of their communication data, they will have to
       employ end-to-end network security mechanisms like IPSec or
       Transport Layer Security (TLS)."

this case is very confusing without adding much to the draft. I propose we let it be as it is. If there are no further comments we are going to submit this version for the last call.


Best Regards
Sunny