Re: [P2PSIP] Re: HIP pros and cons

Ali Fessi <ali.fessi@uni-tuebingen.de> Tue, 18 December 2007 21:14 UTC

Hi David,

David Barrett wrote:
> Just curious, if my laptop gets stolen, will P2PSIP provide any facility for
> me to prevent the thief from making and receiving calls in my name?

Once you have a certificate that you have received from the enrollment 
server, you can protect the private key that belongs to the certificate 
with a password on your local machine.

So nobody will be able to steal your identity (well, except with a 
dictionary attack on your password).

You don't need to contact one of the login servers here, except for 
verifying whether a peer certificate is in the revocation list. 
Certificate revocation is indeed a problem.


Cheers,
  Ali

> If so, how will that be done without a 24/7 realtime check to either a
> centralized or federated server?
> If we assume there's some kind of password, then that means there's some
> sort of password check.  If we assume we can ban clients, then we need to
> somehow record which clients are banned and check that.  If we can revoke
> certificates, then there's a certificate revocation list.
> 
> Is there any way to support this seemingly obvious requirement -- the
> requirement that I can prevent a thief from forever, undetectably
> impersonating me -- without some sort of central, realtime, 24/7 lookup?
> 
> Or is the answer "to be determined" or "not our problem; we punt this to
> another layer"?
> 
> -david
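
Added example, not part of the original message or of any P2PSIP specification: one way to keep an enrollment private key on disk only in passphrase-encrypted form, with a raised PBKDF2 iteration count so that each guess in the dictionary attack mentioned above costs more. It assumes the OpenSSL command-line tool (1.1.0 or later); the file name peer-key.pem, the KEYPASS variable and the passphrases are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; names and passphrases below are constructed.

# protect_key DIR PASSPHRASE
# Generate a P-256 key and write it only as encrypted PKCS#8
# (PBKDF2 + AES-256-CBC). The cleartext key stays in a pipe.
protect_key() {
    (
        umask 077    # key file readable by the owner only
        openssl genpkey -algorithm EC \
                -pkeyopt ec_paramgen_curve:P-256 2>/dev/null |
            KEYPASS="$2" openssl pkcs8 -topk8 -v2 aes-256-cbc \
                -iter 600000 -passout env:KEYPASS \
                -out "$1/peer-key.pem"
    )
}

# can_unlock FILE PASSPHRASE
# Exit status 0 only if PASSPHRASE decrypts the stored key.
can_unlock() {
    KEYPASS="$2" openssl pkey -in "$1" -passin env:KEYPASS \
        -noout 2>/dev/null
}

# Demo run with constructed values.
tmp=$(mktemp -d)
protect_key "$tmp" 'correct horse battery staple'
can_unlock "$tmp/peer-key.pem" 'correct horse battery staple' &&
    echo "owner: key unlocked"
can_unlock "$tmp/peer-key.pem" 'guess123' ||
    echo "wrong passphrase: key stays locked"
rm -rf "$tmp"
```

For interactive use, leave out -passout and -passin so that OpenSSL prompts for the passphrase. This protects the key at rest only; it does not replace the revocation check discussed in the message.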

