[opendtv] Re: FCC R&O on MVPD program sources

  • From: "Manfredi, Albert E" <albert.e.manfredi@xxxxxxxxxx>
  • To: "opendtv@xxxxxxxxxxxxx" <opendtv@xxxxxxxxxxxxx>
  • Date: Sun, 24 Jan 2010 17:29:17 -0600

Tom Barry wrote:

> Well, maybe they are happy with that.  But it seems it is
> vulnerable to replay attacks.  For instance if I have box 1234
> with options "all" it seems I could give it "1234 all" even
> after I canceled service, assuming I could send signals to it.
>  Do they assume I can't?

It wouldn't be a very sensible security protocol if it allowed that sort of 
behavior, Tom. At least in the RFC 3740 scheme, the security associations 
would change shortly after you dropped the service, which means the encryption 
algorithm would change.

The Internet scheme is meant for cases where any group member may also be a 
source of multicasts to the group. So it's very important to ensure that if a 
group member leaves the group, you don't just assume that he would still be 
automatically authenticated in the future, should he want to rejoin.

A missing piece that you seem to be most interested in is the key exchange 
protocol. The Internet key exchange is a system of public and private keys. The 
private key only works in your box. It's not quite as simple as just being the 
serial number of your receiver.

This document describes the current key exchange protocol, IKEv2:

http://www.ietf.org/rfc/rfc4306.txt?number=4306

Updated by

http://www.ietf.org/rfc/rfc5282.txt?number=5282

to explain how the IKEv2 exchanges are themselves authenticated and encrypted.

So I don't think that any group member can easily broadcast his own key 
exchange transactions to others, and have these others authenticate themselves 
that way. But as you say, these mechanisms are not static.

Lucky for OTA broadcasters, I think going this route for them is not going to 
work anyway. As a business model, that is.

Bert