I think most of the reviewers are missing the point of this draft.
The point is not that the timing packets are inherently secret and need
encryption, but that the 3GPP architecture mandates that EVERYTHING flowing to
the femtocell must be inside a secure tunnel, whether the security is needed or
not. It's a wider architecture issue, not the issue about whether encryption is
needed and how best to do it.
The key figure from the draft is Figure 1:
+-------------+
| |
| Femtocell |<-----------------------------+
| | |
+-------------+ |
|
|
/---------------------\
| |
| Public Network |
| |
\---------------------/
|
|
+------------+ +-------------+ |
|Clock Server|---------->| | |
+------------+ | | |
| Security GW |->---+
+------------+ | |
|Femto GW |---------->| |
+------------+ +-------------+
Figure 1. Typical Architecture of a Femtocell Network
The problem with this is once the packets have been encrypted, it is not
possible for the femtocell to timestamp them on reception because it doesn't
recognise them until after decryption, which is what this draft tries to
address.
I totally agree with the comments people like Danny have made that point out
the difficulties that identifying timing packets just opens them up to attack.
However, comments attacking the rationale for encryption are wide of the mark -
the packets are encrypted by 3GPP architecture, we have to work out how to deal
with that.
We could argue that 3GPP should never have mandated this type of architecture,
but we would be better off arguing that at 3GPP, not here in IETF.
Tim
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
[email protected]
Sent: 17 October 2011 11:49
To: [email protected]; [email protected]
Cc: [email protected]; [email protected]; [email protected]; [email protected]
Subject: Re: [TICTOC] [IPsec] Review request for IPsec security for packet
based synchronization (Yang Cui)
>I cannot answer for the performance but if I was worried about making sure I
>got the correct time I'd be more likely to be concerned about authenticating
>the server than encrypting the contents. Encryption doesn't do a thing for
>ensuring you got a valid packet.
You don't need data confidentiality, but you do need data integrity and
anti-replay, both of which you get from the integrity part of IPSec. This is
a place where the integrity-only cipher suites are applicable.
paul
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
