[Ecrit] comments on draft-barnes-ecrit-auth-00
Jonathan Rosenberg <jdrosen@cisco.com> Mon, 23 July 2007 12:30 UTC
If my understanding is correct, the primary problem being addressed here is dealing with malicious callers that try and send emergency calls that are not really emergency calls. Is that correct?

Furthermore, I think the fundamental assumption you are making is that a call is considered a valid emergency call if its routing will cause it to arrive at a PSAP. Consequently, the primary threat that is being addressed here is users that label calls as emergency calls, in order to get some kind of specialized treatment, but the calls don't go to a PSAP, but rather go to a friend or colleague. Is that correct? If so, you need to discuss this. The threat model here was very unclear.

I'll note that this problem goes away if the VSP performs the location to PSAP mapping, not the UA. You might want to mention this as another solution.

Section 2.2 - why does the identity of the caller, as asserted by the called party, indicate that this is an emergency call? I'd think you really want an assertion of role of the connected party - i.e., the 200 OK response to a call to a PSAP has a SAML document that attests that this 'user' is a PSAP.

The draft talks about "authenticating" emergency services calls, but this term is not correct here. Authentication is establishment of identity of the originator of a message. That is not what we are doing here. I think this draft is about verification that a call is an emergency call.

Thanks,
Jonathan R.

--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen@cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com