IETF Logo Mail Archive

Re: [P2PSIP] Identity certificate segregation [was Re: draft-ietf-p2psip-base publication to be requested]

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Fri, 01 July 2011 11:47 UTC

Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A8021F871C for <p2psip@ietfa.amsl.com>; Fri, 1 Jul 2011 04:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.576
X-Spam-Level:
X-Spam-Status: No, score=-106.576 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PoICWPual8bq for <p2psip@ietfa.amsl.com>; Fri, 1 Jul 2011 04:47:58 -0700 (PDT)
Received: from mailgw9.se.ericsson.net (mailgw9.se.ericsson.net [193.180.251.57]) by ietfa.amsl.com (Postfix) with ESMTP id B7A8E21F8716 for <p2psip@ietf.org>; Fri, 1 Jul 2011 04:47:57 -0700 (PDT)
X-AuditID: c1b4fb39-b7bfdae000005125-29-4e0db3ec21ba
Received: from esessmw0197.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw9.se.ericsson.net (Symantec Mail Security) with SMTP id 1E.D9.20773.CE3BD0E4; Fri, 1 Jul 2011 13:47:56 +0200 (CEST)
Received: from [131.160.126.185] (153.88.115.8) by esessmw0197.eemea.ericsson.se (153.88.115.88) with Microsoft SMTP Server id 8.3.137.0; Fri, 1 Jul 2011 13:47:56 +0200
Message-ID: <4E0DB3EC.1040705@ericsson.com>
Date: Fri, 1 Jul 2011 14:47:56 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Marc Petit-Huguenin <petithug@acm.org>
References: <BANLkTikuy8qpZ42Zod1YK2+iYv1ib6=Yag@mail.gmail.com> <1307629878.30919.87.camel@toedo> <4DF0FD49.3020505@acm.org> <1307641649.5184.17.camel@santeles> <4E00F7CE.7080402@acm.org>
In-Reply-To: <4E00F7CE.7080402@acm.org>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: AAAAAA==
Cc: P2PSIP WG <p2psip@ietf.org>
Subject: Re: [P2PSIP] Identity certificate segregation [was Re: draft-ietf-p2psip-base publication to be requested]
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jul 2011 11:47:59 -0000

Hi,

please, let me know whether or not these modifications will be included
in the base draft at this point.

Thanks,

Gonzalo

On 21/06/2011 10:58 PM, Marc Petit-Huguenin wrote:
> I read the paper and this modification makes sense to me (for example without
> this modification a peer that is purely used for routing and storage purpose,
> like a bootstrap peer, had to invent a valid, unique, and useless username just
> to acquire a certificate).
> 
> So I support its inclusion in draft-ietf-p2psip-base.
> 
> On 06/09/2011 10:47 AM, Diego Suarez wrote:
>> I think it would require a (slight) modification in the base document.
>> Current P2PSIP certification model is based on a single PKC (including
>> both usernames and nodeIDs) that uniquely identifies a user and her
>> devices. On the other hand, our model is base on a split certification.
>> Devices and users are independent. Each device has its own PKC including
>> a nodeID and a PK. Similarly, each user has her own PKC including her
>> username and a PK. This approach do not prevent a centralized entity
>> (such as an offline CA) to have information related to the devices each
>> user (or company, etc.) has registered, but permits, among other
>> improvements, a user to be connected to the system through devices she
>> has not registered herself such as a phone issued by a telco or a fixed
>> phone in a laboratory shared by all the members of a research group.
> 
> 
>> On Thu, 2011-06-09 at 10:05 -0700, Marc Petit-Huguenin wrote:
>> Does this model really required modifications in the base document, or can it be
>> designed as an extension?  (Unfortunately the paper is not freely available, so
>> it is difficult to know really what is needed for this).
> 
>> On 06/09/2011 07:31 AM, Diego Suarez wrote:
>>>>> Hi, 
>>>>>
>>>>> I had in mind writing a draft about this, but since I'm running out of
>>>>> time, I would like to summarize a new certification model for P2PSIP I
>>>>> have been working on, in case it is of interest for the group.
>>>>> Further details can be found in paper:
>>>>>
>>>>> D. Touceda, J. Camara, L. Villalba, and J. Marquez, Advantages of
>>>>> identity certificate segregation in P2PSIP systems, Communications,
>>>>> IET, vol. 5, pp. 879889, Apr. 2011.
>>>>>
>>>>>
>>>>> The idea is to split the certification of users and devices. Devices are
>>>>> identified by PKCs including a nodeID and the PK of the device, while
>>>>> users are identified by PKCs including a username and the PK of the
>>>>> user. Similar models have been used before in other communications
>>>>> systems, such as GSM where devices and users are separately represented
>>>>> by the international mobile equipment identity (IMEI) stored in the
>>>>> phones and the international mobile subscriber identity (IMSI) stored in
>>>>> the user subscriber identity module (SIM), respectively.
>>>>>
>>>>> Motivations of this model are:
>>>>>
>>>>> - Users and devices are different entities performing different
>>>>> roles within a P2PSIP system. Devices are nodes of the P2P
>>>>> overlay network (represented by a nodeID) that offer services
>>>>> (to route messages, to store data, . . .) to the system, while
>>>>> users (represented by an username) utilize these services,
>>>>> usually to establish media communications using SIP.
>>>>>
>>>>> - Support for mobility scenarios where a user may be logged at different
>>>>> devices at the same time using the same PKC.
>>>>>
>>>>> - Support several users to be logged in the same device (like a fixed
>>>>> phone) at the same time.
>>>>>
>>>>> - Support for user independent hard-coded devices.
>>>>>
>>>>> - Interoperability with SIP. SIP certificates are not valid in actual
>>>>> P2PSIP since they don't include a nodeID.
>>>>>
>>>>> cheers
>>>>>
>>>>> Diego Suárez
>>>>>
>>>>>
>>>>> On Wed, 2011-06-08 at 09:48 -0700, David A. Bryan wrote:
>>>>>> Unless something major comes up, we plan to request the newest version
>>>>>> of the base draft, draft-ietf-p2psip-base-15, be published. I'll put
>>>>>> in the request in a week (June 16th or 17th). If there are any further
>>>>>> comments from the last call a while ago (or further comments on the
>>>>>> comments since then), please send them to the list ASAP.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> David (as chair)
>>>>>> _______________________________________________
>>>>>> P2PSIP mailing list
>>>>>> P2PSIP@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/p2psip
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> P2PSIP mailing list
>>>>> P2PSIP@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/p2psip
> 
> 
> 
_______________________________________________
P2PSIP mailing list
P2PSIP@ietf.org
https://www.ietf.org/mailman/listinfo/p2psip

v2.8.7 | Report a Bug | By Email