Re: [P2PSIP] Identity certificate segregation [was Re: draft-ietf-p2psip-base publication to be requested]
Diego Suarez <loopp2psip@gmail.com> Thu, 09 June 2011 17:47 UTC
From: Diego Suarez <loopp2psip@gmail.com>
To: Marc Petit-Huguenin <petithug@acm.org>
Cc: P2PSIP WG <p2psip@ietf.org>
Subject: Re: [P2PSIP] Identity certificate segregation [was Re:
draft-ietf-p2psip-base publication to be requested]
I think it would require a (slight) modification in the base document.

The current P2PSIP certification model is based on a single PKC (including both usernames and nodeIDs) that uniquely identifies a user and her devices. On the other hand, our model is based on a split certification. Devices and users are independent. Each device has its own PKC including a nodeID and a PK. Similarly, each user has her own PKC including her username and a PK.

This approach does not prevent a centralized entity (such as an offline CA) from having information related to the devices each user (or company, etc.) has registered, but permits, among other improvements, a user to be connected to the system through devices she has not registered herself, such as a phone issued by a telco or a fixed phone in a laboratory shared by all the members of a research group.

On Thu, 2011-06-09 at 10:05 -0700, Marc Petit-Huguenin wrote:
> Does this model really require modifications in the base document, or can it be
> designed as an extension? (Unfortunately the paper is not freely available, so
> it is difficult to know really what is needed for this).
>
> On 06/09/2011 07:31 AM, Diego Suarez wrote:
> > Hi,
> >
> > I had in mind writing a draft about this, but since I'm running out of
> > time, I would like to summarize a new certification model for P2PSIP I
> > have been working on, in case it is of interest for the group.
> > Further details can be found in the paper:
> >
> > D. Touceda, J. Camara, L. Villalba, and J. Marquez, "Advantages of
> > identity certificate segregation in P2PSIP systems," Communications,
> > IET, vol. 5, pp. 879-889, Apr. 2011.
> >
> > The idea is to split the certification of users and devices. Devices are
> > identified by PKCs including a nodeID and the PK of the device, while
> > users are identified by PKCs including a username and the PK of the
> > user. Similar models have been used before in other communications
> > systems, such as GSM, where devices and users are separately represented
> > by the international mobile equipment identity (IMEI) stored in the
> > phones and the international mobile subscriber identity (IMSI) stored in
> > the user subscriber identity module (SIM), respectively.
> >
> > Motivations of this model are:
> >
> > - Users and devices are different entities performing different
> >   roles within a P2PSIP system. Devices are nodes of the P2P
> >   overlay network (represented by a nodeID) that offer services
> >   (to route messages, to store data, ...) to the system, while
> >   users (represented by a username) utilize these services,
> >   usually to establish media communications using SIP.
> >
> > - Support for mobility scenarios where a user may be logged at different
> >   devices at the same time using the same PKC.
> >
> > - Support for several users to be logged in the same device (like a fixed
> >   phone) at the same time.
> >
> > - Support for user-independent hard-coded devices.
> >
> > - Interoperability with SIP. SIP certificates are not valid in actual
> >   P2PSIP since they don't include a nodeID.
> >
> > cheers
> >
> > Diego Suárez
> >
> > On Wed, 2011-06-08 at 09:48 -0700, David A. Bryan wrote:
> >> Unless something major comes up, we plan to request the newest version
> >> of the base draft, draft-ietf-p2psip-base-15, be published. I'll put
> >> in the request in a week (June 16th or 17th). If there are any further
> >> comments from the last call a while ago (or further comments on the
> >> comments since then), please send them to the list ASAP.
> >>
> >> Thanks,
> >>
> >> David (as chair)
>
> --
> Marc Petit-Huguenin
> Personal email: marc@petit-huguenin.org
> Professional email: petithug@acm.org
> Blog: http://blog.marc.petit-huguenin.org
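The identity-binding rules of the two models discussed in this thread (a single PKC carrying both username and nodeID, versus separate device and user PKCs), as an added example that is not part of the thread, the base draft or the cited paper. Public keys are placeholder strings and no cryptographic verification is performed; the `SegregatedOverlay` class, its method names and the (username, nodeID) session binding are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed example: `pk` is a placeholder for the certified public key.
# Only the identity-content rules of each certification model are checked.
@dataclass(frozen=True)
class Cert:
    pk: str
    username: Optional[str] = None  # user identity (SIP-style)
    node_id: Optional[str] = None   # overlay identity (RELOAD nodeID)

def single_cert_ok(cert: Cert) -> bool:
    """Base-draft model: one PKC must carry both a username and a nodeID."""
    return cert.username is not None and cert.node_id is not None

def is_device_cert(cert: Cert) -> bool:
    """Segregated model: a device PKC carries a nodeID and no username."""
    return cert.node_id is not None and cert.username is None

def is_user_cert(cert: Cert) -> bool:
    """Segregated model: a user PKC carries a username and no nodeID."""
    return cert.username is not None and cert.node_id is None

@dataclass
class SegregatedOverlay:
    """Hypothetical admission logic for the split model."""
    nodes: dict = field(default_factory=dict)   # nodeID -> device Cert
    sessions: set = field(default_factory=set)  # (username, nodeID) logins

    def join(self, device: Cert) -> bool:
        # Only device certificates may take a position in the overlay.
        if not is_device_cert(device):
            return False
        self.nodes[device.node_id] = device
        return True

    def login(self, user: Cert, node_id: str) -> bool:
        # A user may be logged at several devices and a device may host
        # several users; the only binding kept is the (user, device) pair.
        if not is_user_cert(user) or node_id not in self.nodes:
            return False
        self.sessions.add((user.username, node_id))
        return True

    def authorize_store(self, owner: str, signer: Cert, via_node: str) -> bool:
        # Stored data belongs to a user: it must be signed with the owner's
        # user cert and arrive via a device that user is logged in at.
        return (is_user_cert(signer) and signer.username == owner
                and (owner, via_node) in self.sessions)
```

A SIP-style certificate (username only) is rejected by `single_cert_ok` but accepted by `is_user_cert`, which is the interoperability point raised in the thread.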