Management Information Base for Data Over Cable Service Interface Specification (DOCSIS) Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus
RFC 4131

(Steven Bellovin) Discuss

Discuss (2004-09-24 for -)
The Security Considerations section says

    The time to crack DES could be additionally
    mitigated by a compromised value for the TEK lifetime and Grace Time
    (up to a minimum of 30 minutes for the TEK lifetime, see
    Appendix A [1]).

That's only partially correct.  These keys are confidentiality keys; they're still valuable even after they're no longer in active use, because they can be used to decrypt old traffic.  (By contrast, old authentication keys are useless to an attacker.)

Comment (2004-09-24 for -)
I concur in Russ' comments about the lack of any suitably strong crypto algorithms.  40-bit DES is, frankly, an embarrassment at this point.  Yes, I realize that DOCSIS isn't doing it right yet; that's no reason for us to do it wrong.  We should put the code points into the MIB now, and let them catch up.  But I'll let Russ hold that part of the DISCUSS (as well as the note that authentication algorithms are needed.)

(Bert Wijnen) Yes

(Harald Alvestrand) No Objection

Comment (2004-09-27 for -)
Reviewed by Mary Barnes, Gen-ART

I (Harald) agree with the security ADs' DISCUSS comments.

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Scott Hollenbeck) No Objection

(Russ Housley) (was Discuss) No Objection

Comment (2004-09-22)
  Please delete the second paragraph of the Abstract prior to publication
  as an RFC.

  In the Abstract: s/DOCSIS1.1/DOCSIS 1.1/

(David Kessens) No Objection

(Allison Mankin) No Objection

(Thomas Narten) No Objection

(Jon Peterson) No Objection

(Alex Zinin) No Objection