
RE: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)



Many thanks Ana for your comments,
 
See replies in-line:
 
----
Dr. Haitham S. Cruickshank 
Lecturer 
Communications Centre for Communication Systems Research (CCSR)
BA Building, Room E11 
School of Electronics, Computing and Mathematics
University of Surrey, Guildford, UK, GU2 7XH 
 
Tel: +44 1483 686007 (indirect 689844) 
Fax: +44 1483 686011 
e-mail: H.Cruickshank@surrey.ac.uk
http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/
 

________________________________

From: ana.yungarcia@thalesaleniaspace.com [mailto:ana.yungarcia@thalesaleniaspace.com] 
Sent: 17 July 2009 08:05
To: ipdvb@erg.abdn.ac.uk
Cc: gorry@erg.abdn.ac.uk; Cruickshank HS Dr (CCSR); P.Pillai@bradford.ac.uk
Subject: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)



Dear authors, 

Nice initiative looking for security over ULE. In fact, link layer security for DVB systems is becoming more and more an issue.  
Haitham: Thanks. 

One question about the security key management: have we thought about how to perform it over DVB-RCS systems with different topologies? 
Star systems with a central HUB seem to be an easy scenario, but what about mesh scenarios, who will handle the security keys? 
Is there going to be a pair of shared keys per pair of terminals communicating with each other, or will there be a different criterion, such as maybe per MAC connection between terminals?
 
 Haitham: This draft does not address the key management issue. It only focuses on the security extension header format for ULE. The key management can be viewed as an independent issue from the topic of this draft. But it is an important issue. 


What protocol and what messages will be used for the security key management? DVB-RCS security systems do cover the star topology configuration, but not yet the mesh case. If we believe that in this case we could use GDOI or GSAKMP protocols, in our understanding, it will be another exercise to check how these two protocols really solve the problem of security key management in the different mesh scenarios.

Haitham: Yes, GSAKMP, GDOI or others can be used to solve the key management issues.

Other comments: 

- Section 8. Security considerations 
"Increasing sequence numbers could be linked to a single connection." 
Are we referring to IP connections or link layer connections? 

Haitham: It relates to link layer connection.

- Broadcasting DVB systems use MPEG formatting. But DVB-RCS star transparent systems mostly use ATM formatting and only optionally MPEG formatting. Using the PID value to identify the source can always be applied to the user terminal in RCS systems. But in a star transparent configuration, the HUB will receive ATM cells. Does it have any impact?

Haitham: In this draft we did not address the ATM cell transmissions. I am not sure if there is a demand for using ATM.


Kind regards, 

Ana 




=========================
Ana YUN GARCIA
Satellite Networks Manager
Thales Alenia Space España
tel. +34 91 807 78 21
www.thalesaleniaspace.com
=========================