Fwd: [Ecrit] comments on draft-barnes-ecrit-auth-00
"Richard Barnes" <richard.barnes@gmail.com> Mon, 23 July 2007 14:53 UTC
Return-path: <ecrit-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ICzIC-0007ZY-8S; Mon, 23 Jul 2007 10:53:48 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ICzIA-0007Z3-T3 for ecrit@ietf.org; Mon, 23 Jul 2007 10:53:46 -0400
Received: from ug-out-1314.google.com ([66.249.92.169]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ICzIA-0008Tc-7Y for ecrit@ietf.org; Mon, 23 Jul 2007 10:53:46 -0400
Received: by ug-out-1314.google.com with SMTP id u2so2792582uge for <ecrit@ietf.org>; Mon, 23 Jul 2007 07:53:45 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mJFcbE/00KreVs5FVV74FU0DOiAqsrW1vFN0bBLmqbYlIBTFGZ/qtTqxCBwjyFZNZtqkhcaRgXBr1pSG6LF4P+iorXJTDpCWKlJFginAzS51Q6mK/5OV6F8YPLJFTsrAzA8nCFS0lWjBDMKbBCHOUCudQQmGte0jkKLn1ma++yw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=SC1zxEbLhBHfAhuvUSWs09w6psXwcdzC4YCulW2zhgaAsi0BwfIS3vYxY+HaJfr6G3xVcFY3Aep6uaA2k6DrfLEbftNzbQ4XewQSdJU+OymviLmFsdLM5WhjugJzAWiaLeeDKbXrfJMRxhmxS0/Y2QMB/vB/7xmU0KPZSslLMJ8=
Received: by 10.67.88.17 with SMTP id q17mr4236556ugl.1185202425498; Mon, 23 Jul 2007 07:53:45 -0700 (PDT)
Received: by 10.66.238.6 with HTTP; Mon, 23 Jul 2007 07:53:45 -0700 (PDT)
Message-ID: <88ac5c710707230753jb3a0e12i4ade59b02b37a23@mail.gmail.com>
Date: Mon, 23 Jul 2007 10:53:45 -0400
From: Richard Barnes <richard.barnes@gmail.com>
To: ecrit@ietf.org
Subject: Fwd: [Ecrit] comments on draft-barnes-ecrit-auth-00
In-Reply-To: <88ac5c710707230727ieb50b9fqa6a5b5bad8f49c2f@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <46A49F6D.4050809@cisco.com> <88ac5c710707230727ieb50b9fqa6a5b5bad8f49c2f@mail.gmail.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ecrit.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
Errors-To: ecrit-bounces@ietf.org
---------- Forwarded message ---------- From: Richard Barnes <richard.barnes@gmail.com> Date: Jul 23, 2007 10:27 AM Subject: Re: [Ecrit] comments on draft-barnes-ecrit-auth-00 To: Jonathan Rosenberg <jdrosen@cisco.com> Jonathan, Thanks a lot for your comments. Some responses below: > If my understanding is correct, the primary problem being addressed here > is dealing with malicious callers that try and send emergency calls that > are not really emergency calls. Is that correct? Essentially, yes. I will add a better exposition of this problem in the next version. > Furthermore, I think > the fundamental assumption you are making is that a call is considered a > valid emergency call if its routing will cause it to arrive at a PSAP. > Consequently, the primary threat that is being addressed here are users > that label calls as emergency calls, in order to get some kind of > specialized treatment, but the calls don't go to a PSAP, but rather go > to a friend or colleague. Is that correct? I wouldn't characterize it quite that way. The basic assumption is that somebody (VSPs, ISPs, etc) will want to distinguish between emergency and non-emergency calls, based on some criterion. The distinguishing criterion could be the identity of either endpoint (To: or From:), or some explicit designation by a third-party authority. Presumably some action will be taken based on this distinction (e.g. changes in billing), that will make it attractive to have a call handled as an emergency call. So the threat is that the mechanism used for distinguishing emergency calls from non-emergency calls will be abused by non-emergency callers to obtain special treatment. > I'll note that this problem goes away if the VSP performs the location > to PSAP mapping, not the UA. You might want to mention this as another > solution. That solution only provides assurance to the VSP that does the mapping, not to any upstream or downstream entities. And in any case, a lot of the motivation for this document was the "location hiding" use case, where there's no location in the SIP message that the VSP can read (e.g., an access-controlled L-by-R). > Section 2.2 - why does the identity of the caller, as asserted by the > called party, indicate that this is an emergency call? I'd think you > really want an assertion of role of the connected party - i.e., the 200 > OK response to a call to a PSAP has a SAML document that attests that > this 'user' is a PSAP. First, note that the asserter is asserting its own identity; the called party asserts the identity of the callee, not the caller. The identity of the called party indicates that it is an emergency call because the identity presumably demonstrates that the called party is a PSAP. This is consistent with the definition of an emergency call used in the "location+URN" case (in which case the identity is the To AoR, and it is shown to be a PSAP via LoST). As far as direct assertions (like SAML), that's what I was trying to describe in section 2.3. > The draft talks about "authenticating" emergency services calls, but > this term is not correct here. Authentication is establishment of > identity of the originator of a message. That is not what we are doing > here. I think this draft is about verification that a call is an > emergency call. I was using the term in the sense the the mechanisms in the document "authenticate" the emergency status of the call (vs. the call itself), in that they demonstrate that the call is actually, authentically an emergency call. But it's just terminology, if people like verification better, we can change it to that. Thanks a lot, --Richard _______________________________________________ Ecrit mailing list Ecrit@ietf.org https://www1.ietf.org/mailman/listinfo/ecrit
- [Ecrit] comments on draft-barnes-ecrit-auth-00 Jonathan Rosenberg
- RE: [Ecrit] comments on draft-barnes-ecrit-auth-00 Winterbottom, James
- Fwd: [Ecrit] comments on draft-barnes-ecrit-auth-… Richard Barnes