Re: [Ecrit] Comments to draft-barnes-ecrit-auth-00.txt
Richard Barnes <rbarnes@bbn.com> Mon, 23 July 2007 15:08 UTC
Return-path: <ecrit-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ICzWI-0001oo-1a; Mon, 23 Jul 2007 11:08:22 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ICzWG-0001oJ-Ly for ecrit@ietf.org; Mon, 23 Jul 2007 11:08:20 -0400
Received: from mx12.bbn.com ([128.33.0.81]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1ICzWG-0007Vt-1O for ecrit@ietf.org; Mon, 23 Jul 2007 11:08:20 -0400
Received: from dommiel.bbn.com ([192.1.122.15] helo=[127.0.0.1]) by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <rbarnes@bbn.com>) id 1ICzWE-0000Zi-4V; Mon, 23 Jul 2007 11:08:18 -0400
Message-ID: <46A4C45C.10904@bbn.com>
Date: Mon, 23 Jul 2007 10:08:12 -0500
From: Richard Barnes <rbarnes@bbn.com>
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Subject: Re: [Ecrit] Comments to draft-barnes-ecrit-auth-00.txt
References: <46A27298.2000005@gmx.net>
In-Reply-To: <46A27298.2000005@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
Cc: ECRIT <ecrit@ietf.org>
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ecrit.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
Errors-To: ecrit-bounces@ietf.org
Hannes, Thanks for your comments. A few responses: > The UAC does not need to have access to precise location information. > The considerations for "location hiding" apply here. It doesn't need to have precise location, but it needs to have some location that's good enough for LoST. This may not be the case, e.g., if it just got the PSAP URIs through HELD. > I am not sure what you mean with the sentences in the later part of the > paragraph draft-ietf-sip-location-conveyance puts a few relevant restrictions on the use of the Geolocation header, including the specification of which request and response types can carry it. It also says that the value in the Geolocation header is always the location of the UAC. I was thinking that the UAS (the PSAP) might include ITS location in a Geolocation header, which would be a problem. > Section 2.2: Asserter Identity > > This model assumes that the PSAP operators network asserts that it has > received an emergency call. It furthermore assumes that the VSP is able > to verify which identities are indeed PSAP operators. Hence, some white > lists of PSAP operators need to made available. That's correct. I was imagining that you would have a dedicated authentication infrastructure for emergency services entities, so that if an entity were authenticated under this infrastructure, then you would know it's an emergency services entity. > You want to use the Connected Identity for this purpose. Yes, that's how a PSAP (as a UAS) could assert its identity. If you were thinking about authority-to-citizen, you use SIP Identity for the originating authority to authenticate its identity. > From the description I got the impression that this is the plain SIP > Identity. I cannot quite see how this prevents the attack. How does a > VSP verify whether this is indeed an emergency call? The idea behind 2.3 is something SAML-like: An asserter that has a credential that shows that it's authorized to assert emergency calls, like an emergency services gateway. The asserter inserts a marking (think SAML assertion) that asserts that the call is an emergency call. > Another solution would be to sign a LoST mapping response (with a > service boundary). The SIP UA would then add the signed LoST mapping > into the SIP message together with the location information it used for > retrieving the mapping. The VSP would verify that > a) the signature of the mapping is correct. > b) compare the identity of the mapping server with a a whitelist of > valid mapping servers > c) verify whether the location information is contained in the service > boundary. > > The problem is that this is again complex, i.e., by no means better than > the current solution we use as a working assumption. Using signed LoST responses could be a good option, one I'd like to discuss more. I'll split this off into a separate thread. --Richard _______________________________________________ Ecrit mailing list Ecrit@ietf.org https://www1.ietf.org/mailman/listinfo/ecrit
- [Ecrit] Comments to draft-barnes-ecrit-auth-00.txt Hannes Tschofenig
- Re: [Ecrit] Comments to draft-barnes-ecrit-auth-0… Richard Barnes
- [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings James M. Polk
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings James M. Polk
- Re: [Ecrit] Signed LoST mappings Shida Schubert
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Shida Schubert
- [Ecrit] ieee presentation in ecrit Gabor.Bajko
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- RE: [Ecrit] Signed LoST mappings Dawson, Martin
- Re: [Ecrit] Signed LoST mappings Richard Barnes
- Re: [Ecrit] Signed LoST mappings Henning Schulzrinne
- Verifying that a call goes to a PSAP (Was Re: [Ec… Matt Lepinski
- Re: Verifying that a call goes to a PSAP (Was Re:… James M. Polk
- Re: Verifying that a call goes to a PSAP (Was Re:… Matt Lepinski
- Re: Verifying that a call goes to a PSAP (Was Re:… Henning Schulzrinne
- Re: Verifying that a call goes to a PSAP (Was Re:… Richard Barnes
- Re: Verifying that a call goes to a PSAP (Was Re:… Henning Schulzrinne
- RE: Verifying that a call goes to a PSAP (Was Re:… Brian Rosen