Phil,

Been watching this conversation and had a few comments.

First, if one of the concerns is exposure to wire monitoring on the HFC (Hybrid-Fiber Coax) plant while using DOCSIS, then I think folks should be aware that there is encryption applied to the traffic between the CMTS and Cable Modem (CM). This was traditionally BPI (Baseline Privacy Inspection) and DOCSIS 3.0 supports SEC (which then allows use of AES).

I may have missed the point along this email train, but folks may not be aware that putting an RF capturing device on the plant, or sitting behind a CM on the does not gain you gratuitous access to neighbouring people's data. So if application/network flows are also encrypted, you would not necessarily be able to know who it's for as all payload traffic should already be encrypted on the [DOCSIS] wire. This however does not change eavesdropping on the outside of the DOCSIS plant (after CM, or before CMTS).

If one did come up with a way of sending normal traffic over a DOCSIS Multicast pipe, then there are a number of resource issues which need to be considered (as they have operator and vendor impact). Multicast is managed very differently (signalling and payload) in DOCSIS vs. Unicast traffic, and therefore resources will be an issue (i.e. IDs used to direct traffic for Unicast are not the same as those used for Multicast).

To add, forcing a bunch of (or all) traffic down a Multicast pipe would impact an operator's ability to manage QoS for customers (which is already complex enough in the DOCSIS world) and may impact CM operation (which will be keeping track of what multicast groups/packets will be forwarded for a given service endpoint).

regards,

Victor K

On Fri, Nov 29, 2013 at 1:47 PM, Phil Karn <karn@philkarn.net> wrote:
On 11/29/2013 10:03 AM, Frank Bulk wrote:
It looks like Cisco is doing something in the IP Video over DOCSIS area, and so if you're serious about this, you could reach out to them.
It's not video over IP multicast that interests me so much as the opportunity to thwart NSA-style bulk traffic analysis by multicasting unicast messages with encrypted destination addresses so an eavesdropper can't tell who it's for.