Re: [Atoca] Requirement for Originator Authentication?

"DALY, BRIAN K (ATTCINW)" <BD2985@att.com> Mon, 17 January 2011 06:31 UTC

Return-Path: <BD2985@att.com>
X-Original-To: earlywarning@core3.amsl.com
Delivered-To: earlywarning@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 310733A6E7E for <earlywarning@core3.amsl.com>; Sun, 16 Jan 2011 22:31:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.077
X-Spam-Level:
X-Spam-Status: No, score=-106.077 tagged_above=-999 required=5 tests=[AWL=0.522, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OgUyeJuIUQKL for <earlywarning@core3.amsl.com>; Sun, 16 Jan 2011 22:31:52 -0800 (PST)
Received: from mail129.messagelabs.com (mail129.messagelabs.com [216.82.250.147]) by core3.amsl.com (Postfix) with ESMTP id 047E33A6E7B for <earlywarning@ietf.org>; Sun, 16 Jan 2011 22:31:51 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: BD2985@att.com
X-Msg-Ref: server-14.tower-129.messagelabs.com!1295246064!34697765!1
X-StarScan-Version: 6.2.9; banners=-,-,-
X-Originating-IP: [144.160.112.25]
Received: (qmail 32576 invoked from network); 17 Jan 2011 06:34:24 -0000
Received: from sbcsmtp3.sbc.com (HELO tlph064.enaf.dadc.sbc.com) (144.160.112.25) by server-14.tower-129.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 17 Jan 2011 06:34:24 -0000
Received: from enaf.dadc.sbc.com (localhost.localdomain [127.0.0.1]) by tlph064.enaf.dadc.sbc.com (8.14.4/8.14.4) with ESMTP id p0H6YNis021917; Mon, 17 Jan 2011 00:34:23 -0600
Received: from td03xsmtp007.US.Cingular.Net (TD03XSMTP007.us.cingular.net [135.179.64.45]) by tlph064.enaf.dadc.sbc.com (8.14.4/8.14.4) with ESMTP id p0H6YJiY021864; Mon, 17 Jan 2011 00:34:19 -0600
Received: from BD01XSMTP003.US.Cingular.Net ([135.163.18.44]) by td03xsmtp007.US.Cingular.Net with Microsoft SMTPSVC(6.0.3790.4675); Mon, 17 Jan 2011 00:34:19 -0600
Received: from BD01MSXMB016.US.Cingular.Net ([135.214.27.50]) by BD01XSMTP003.US.Cingular.Net with Microsoft SMTPSVC(6.0.3790.4675); Sun, 16 Jan 2011 22:34:18 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
Date: Sun, 16 Jan 2011 22:34:18 -0800
Message-ID: <FDFC6E6B2064844FBEB9045DF1E3FBBC024A1E58@BD01MSXMB016.US.Cingular.Net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Atoca] Requirement for Originator Authentication?
Thread-Index: Acu06rVOLwvhgOa0T5WSS8cq4sczfAA5M37gABBDhy0=
From: "DALY, BRIAN K (ATTCINW)" <BD2985@att.com>
To: <Martin.Thomson@andrew.com>, <hannes.tschofenig@gmx.net>, <earlywarning@ietf.org>, <igor.faynberg@alcatel-lucent.com>
X-OriginalArrivalTime: 17 Jan 2011 06:34:18.0934 (UTC) FILETIME=[91A39560:01CBB610]
Subject: Re: [Atoca] Requirement for Originator Authentication?
X-BeenThere: earlywarning@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion list for the IETF Authority-to-Citizen Alert \(atoca\) working group." <earlywarning.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/earlywarning>, <mailto:earlywarning-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/earlywarning>
List-Post: <mailto:earlywarning@ietf.org>
List-Help: <mailto:earlywarning-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/earlywarning>, <mailto:earlywarning-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jan 2011 06:31:57 -0000

Authorization to initiate alerts  should be provided by the entity that is initiating the alerts and not ATOCA. ATOCA should authenticate the receipt of the alerts is from a trusted source.
Brian K. Daly
   Sent to you by AT&T... 
   America's Fastest Mobile Broadband
       Network.  Rethink Possible.
   +1.425.580.6873
-------
Sent from my Blackberry

----- Original Message -----
From: earlywarning-bounces@ietf.org <earlywarning-bounces@ietf.org>;
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>;; earlywarning@ietf.org <earlywarning@ietf.org>;; Igor Faynberg <igor.faynberg@alcatel-lucent.com>;
Sent: Sun Jan 16 15:32:09 2011
Subject: Re: [Atoca] Requirement for Originator Authentication?

On 2011-01-16 at 06:30:33, Hannes Tschofenig wrote:
> Igor raised an interesting question during the meeting in context of
> the security threats, namely:
> 
> " Do we have the requirement to authenticate the originator? "

The question that I heard was not so much related to authentication as it was to authorization.  There was also a question about whether authentication was identity-based or on some other property, like some asserted trait.

What statements can we make about how recipients (and relays) authorize the receipt (and sending) of alert messages?
 
> I couldn't provide him an answer during the meeting because I was not
> quite sure whether he was asking the question in the style of
> 
> "Do we need end-to-end security or is a hop-by-hop security solution
> good enough?"

In the context of this interpretation, I think that there's a real need to delegate alert distribution.  The scale of distribution makes intermediaries a valuable addition.  Relying on the integrity of relays makes the authorization question more difficult to resolve.

For something concrete, the relay case is probably the simplest.  I might trust my signalling peer to a certain extent.  I certainly don't trust them enough to generate the massive packet storm requested by an alert message.  They might say the alert comes from the government, but I might require better proof than their say-so alone.  Distributing an alert will cost me money and I want proof.

That's one argument.  The other argument says that peering relationships require a degree of trust that would not be broken without serious ramifications - enough to discourage its abuse.

The recipient case might have some interesting quirks.  Particularly in wholesale/reseller arrangements.  A recipient that relies on hop-by-hop might receive an alert from the network operator: an entity with whom they have no direct relationship.  For instance, no fewer than two different operators are involved in getting packets to my house, neither of which I have a business relationship with.  How would someone - ignorant of the convoluted business arrangements that underpin their Internet service - decide to authorize an alert that is relayed by either party?

--Martin
_______________________________________________
earlywarning mailing list
earlywarning@ietf.org
https://www.ietf.org/mailman/listinfo/earlywarning