RE: [P2PSIP] Re: HIP pros and cons
"Brian Rosen" <br@brianrosen.net> Wed, 19 December 2007 19:32 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J54eP-0006eD-Tq; Wed, 19 Dec 2007 14:32:17 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J54eN-0006ad-JH for p2psip@ietf.org; Wed, 19 Dec 2007 14:32:16 -0500
Received: from ebru.winwebhosting.com ([74.54.111.226]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J54eM-0002xN-Vk for p2psip@ietf.org; Wed, 19 Dec 2007 14:32:15 -0500
Received: from [209.173.53.233] (helo=BROSLT41xp) by ebru.winwebhosting.com with esmtpa (Exim 4.68) (envelope-from <br@brianrosen.net>) id 1J54eB-0001o9-PY; Wed, 19 Dec 2007 13:32:04 -0600
From: Brian Rosen <br@brianrosen.net>
To: 'David Barrett' <dbarrett@quinthar.com>, 'Ali Fessi' <ali.fessi@uni-tuebingen.de>
References: <476837F7.8030608@uni-tuebingen.de> <E1J4k5p-0003IG-Hm@megatron.ietf.org>
Subject: RE: [P2PSIP] Re: HIP pros and cons
Date: Wed, 19 Dec 2007 14:32:07 -0500
Message-ID: <05c101c84275$d940d250$640fa8c0@cis.neustar.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Thread-Index: AchBuv8eTulYAi21R7WJrtw0bL2YcAAAhjoQAC4ShiA=
In-Reply-To: <E1J4k5p-0003IG-Hm@megatron.ietf.org>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ebru.winwebhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - brianrosen.net
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a87a9cdae4ac5d3fbeee75cd0026d632
Cc: p2psip@ietf.org
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
Perhaps we store the CRL in the DHT. The problem you want to protect against is amenable to a non-real time CRL update mechanism, which is a solvable problem. If you wanted a near-instant revocation, then you need a real time access to an up to date CRL. Brian > -----Original Message----- > From: David Barrett [mailto:dbarrett@quinthar.com] > Sent: Tuesday, December 18, 2007 4:35 PM > To: 'Ali Fessi' > Cc: p2psip@ietf.org > Subject: RE: [P2PSIP] Re: HIP pros and cons > > And if I check the "save my password" checkbox that every client will > naturally provide? Then my identity is lost forever? > > One mitigation would be to make the certificates very short-lived: say, > daily. Then if I lose my laptop, then a hacker can impersonate me for the > rest of the day. (Though if AT&T took 24 hours to turn off your cell > phone > I'm not sure people would be satisfied by that.) > > However, then that means we need to re-enroll daily, and it's not really > an > "enrollment" server but rather a "reserve your name on the system for a > day" > server. > > To which we might add some sort of long-lived credentials on the > enrollment > server so -- if I forget to log on one day -- somebody can't hijack my > name. > > Then it becomes a full-fledged authenticate/authorize/enroll server that > we > need to check daily. > > Regardless, it still sounds an awful lot like a central authentication > server that needs to be consulted at the start of each session (and > periodically thereafter) to get onto the network. > > I don't think this is bad. I just think it's unavoidable. > > -david > > > -----Original Message----- > > From: Ali Fessi [mailto:ali.fessi@uni-tuebingen.de] > > Sent: Tuesday, December 18, 2007 1:13 PM > > To: David Barrett > > Cc: p2psip@ietf.org > > Subject: Re: [P2PSIP] Re: HIP pros and cons > > > > Hi David, > > > > David Barrett wrote: > > > Just curious, if my laptop gets stolen, will P2PSIP provide any > facility > > for > > > me to prevent the thief from making and receiving calls in my name? > > > > Once you have a certificate that you have received from the enrollment > > server, you can protect the private key that belongs to the certificate > > with a password on your local machine. > > > > So nobody will be able to steal your identity (well, except with a > > dictionary attack on your password). > > > > You don't need to contact one of the login servers here, except for > > verifying whether a peer certificate is in the revocation list. > > Certificate revocation is indeed a problem. > > > > > > Cheers, > > Ali > > > > > If so, how will that be done without a 24/7 realtime check to either a > > > centralized or federated server? > > > If we assume there's some kind of password, then that means there's > some > > > sort of password check. If we assume we can ban clients, then we need > > to > > > somehow record which clients are banned and check that. If we can > > revoke > > > certificates, then there's a certificate revocation list. > > > > > > Is there any way to support this seemingly obvious requirement -- the > > > requirement that I can prevent a thief from forever, undetectably > > > impersonating me -- without some sort of central, realtime, 24/7 > lookup? > > > > > > Or is the answer "to be determined" or "not our problem; we punt this > to > > > another layer"? > > > > > > -david > > > _______________________________________________ > P2PSIP mailing list > P2PSIP@ietf.org > https://www1.ietf.org/mailman/listinfo/p2psip _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Spencer Dawkins
- [P2PSIP] Re: HIP pros and cons Miika Komu
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Ali Fessi
- Re: [P2PSIP] Re: HIP pros and cons Roy, Radhika R Dr CTR USA USAMC
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- [P2PSIP] HIP DHT interface (was HIP pros and cons) Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- RE: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- [P2PSIP] RE: HIP DHT interface (was HIP pros and … Ahrenholz, Jeffrey M
- Re: [P2PSIP] RE: HIP DHT interface (was HIP pros … Ali Fessi
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Philip Matthews
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Joakim Koskela
- Re: [P2PSIP] RE: HIP DHT interface (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Philip Matthews
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] Re: HIP pros and cons Palanisamy, Kandasamy (Kandasamy)
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] Re: HIP pros and cons Ahrenholz, Jeffrey M
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Philip Matthews
- Re: [P2PSIP] Re: HIP pros and cons Spencer Dawkins
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- Fw: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- Re: [P2PSIP] Re: HIP pros and cons Ali Fessi
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- Re: [P2PSIP] Re: HIP pros and cons Ingmar Baumgart
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros and … Ali Fessi
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- [P2PSIP] HIP performance concerns (was HIP pros a… Ali Fessi
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … David Barrett
- Re: [P2PSIP] Re: HIP pros and cons Spencer Dawkins
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Philip Matthews
- Re: [P2PSIP] HIP performance concerns (was HIP pr… Philip Matthews
- RE: [P2PSIP] HIP performance concerns (was HIP pr… Henderson, Thomas R
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Hannes Tschofenig
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Philip Matthews
- RE: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Henderson, Thomas R
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] Re: HIP pros and cons Brian Rosen
- RE: [P2PSIP] Re: HIP pros and cons Brian Rosen
- RE: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- RE: [P2PSIP] HIP performance concerns (was HIP pr… Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Dan York
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- RE: [P2PSIP] Re: HIP pros and cons Salman Abdul Baset
- Re: [P2PSIP] Re: HIP pros and cons Ali Fessi
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP performance concerns (was HIP pr… Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] HIP performance concerns (was HIP pr… Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- FW: [P2PSIP] Re: HIP pros and cons Andrey Lukyanenko