Re: [P2PSIP] Re: HIP pros and cons
Eric Rescorla <ekr@networkresonance.com> Fri, 21 December 2007 17:07 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J5lL0-0003Tp-8j; Fri, 21 Dec 2007 12:07:06 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J5lKy-0003Hi-Ss for p2psip@ietf.org; Fri, 21 Dec 2007 12:07:04 -0500
Received: from [74.95.2.173] (helo=romeo.rtfm.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J5lKy-0003nN-EH for p2psip@ietf.org; Fri, 21 Dec 2007 12:07:04 -0500
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 6A1C35081A; Fri, 21 Dec 2007 09:06:41 -0800 (PST)
Date: Fri, 21 Dec 2007 09:06:40 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Miika Komu <miika@iki.fi>
Subject: Re: [P2PSIP] Re: HIP pros and cons
In-Reply-To: <Pine.SOL.4.64.0712211143540.12362@kekkonen.cs.hut.fi>
References: <E1J0dHW-0005ik-OT@megatron.ietf.org> <Pine.SOL.4.64.0712080222070.16938@kekkonen.cs.hut.fi> <20d2bdfb0712100856q74c042d2y665964605fb37c71@mail.gmail.com> <Pine.SOL.4.64.0712121240120.24969@kekkonen.cs.hut.fi> <20071212160813.3863033C6D@delta.rtfm.com> <Pine.SOL.4.64.0712130903370.6449@kekkonen.cs.hut.fi> <20071213163033.6EE1433C72@delta.rtfm.com> <Pine.SOL.4.64.0712132245590.24299@kekkonen.cs.hut.fi> <20071213205251.548E933C6D@delta.rtfm.com> <Pine.SOL.4.64.0712140903370.8063@kekkonen.cs.hut.fi> <20071214145748.E37DF33C6D@delta.rtfm.com> <Pine.SOL.4.64.0712171802480.17561@kekkonen.cs.hut.fi> <20071217164438.38F0433C53@delta.rtfm.com> <Pine.SOL.4.64.0712181822460.27900@kekkonen.cs.hut.fi> <02e101c8419c$8aac4b30$640fa8c0@cis.neustar.com> <Pine.SOL.4.64.0712181938300.18063@kekkonen.cs.hut.fi> <200712181818.lBIIIWv9003612@romeo.rtfm.com> <Pine.SOL.4.64.0712211143540.12362@kekkonen.cs.hut.fi>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20071221170641.6A1C35081A@romeo.rtfm.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5
Cc: p2psip@ietf.org
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
At Fri, 21 Dec 2007 11:51:02 +0200 (EET), Miika Komu wrote: > > On Tue, 18 Dec 2007, Eric Rescorla wrote: > > Eric, > > > At Tue, 18 Dec 2007 19:45:49 +0200 (EET), > > Miika Komu wrote: > >> > >> On Tue, 18 Dec 2007, Brian Rosen wrote: > >> > >> Hi Brian, > >> > >> thanks for the feedback. It seems like the alternative b is mandatory for > >> p2p-sip. Otherwise, then I don't see how you are going to avoid the use of > >> cryptographic certificates without compromising dht identifier security > >> and revocation. > >> > >> In alternative b, it is still possible to use host generated dht key > >> identifiers. > > > > Again, not if you want to use them as the locations in the DHT, > > because then you get chosen location attacks. > > Yes but it costs. I don't see the difference here with host vs. enrollment > server generated keys because the end-host can enroll several times until > it is satisfied with the id. What makes the difference is the cost. For the nth time, yes, but it requires a separate query to the enrollment server, which the enrollment server can throttle. This doesn't work if the enrollment server lets the peer propose the peer-id, since the peer can mount an offline attack on the location. Again, this is all in my slides from YVR. > Since I took the time to describe a detailed, step-by-step approach with > host generated identifiers, could you do the same with enrollment > server generated keys? Thanks. I don't propose using enrollment server generated keys. I propose separating cryptographic keys from peer-ids and using certificates to bind them together. This is described in fairly complete detail draft-bryan-p2psip-reload-02. > P.S. If you want to reference some work, please give the authors and > titles to the publication or URL instead of some acronyms. Thanks. I generally try to. If there's a particular one that wasn't clear lemme know and I'll send you a full reference. -Ekr _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Spencer Dawkins
- [P2PSIP] Re: HIP pros and cons Miika Komu
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Ali Fessi
- Re: [P2PSIP] Re: HIP pros and cons Roy, Radhika R Dr CTR USA USAMC
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- [P2PSIP] HIP DHT interface (was HIP pros and cons) Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- RE: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- [P2PSIP] RE: HIP DHT interface (was HIP pros and … Ahrenholz, Jeffrey M
- Re: [P2PSIP] RE: HIP DHT interface (was HIP pros … Ali Fessi
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Philip Matthews
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Joakim Koskela
- Re: [P2PSIP] RE: HIP DHT interface (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Philip Matthews
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Bruce Lowekamp
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] Re: HIP pros and cons Palanisamy, Kandasamy (Kandasamy)
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Bruce Lowekamp
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] Re: HIP pros and cons Ahrenholz, Jeffrey M
- Re: [P2PSIP] HIP DHT interface (was HIP pros and … Philip Matthews
- Re: [P2PSIP] Re: HIP pros and cons Spencer Dawkins
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- RE: [P2PSIP] HIP DHT interface (was HIP pros and … Henry Sinnreich
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- Fw: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- Re: [P2PSIP] Re: HIP pros and cons Ali Fessi
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- RE: [P2PSIP] Re: HIP pros and cons Henry Sinnreich
- Re: [P2PSIP] Re: HIP pros and cons Wei Gengyu
- Re: [P2PSIP] Re: HIP pros and cons Ingmar Baumgart
- Re: [P2PSIP] Re: HIP pros and cons Philip Matthews
- [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros and … Ali Fessi
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- [P2PSIP] HIP performance concerns (was HIP pros a… Ali Fessi
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … David Barrett
- Re: [P2PSIP] Re: HIP pros and cons Spencer Dawkins
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Philip Matthews
- Re: [P2PSIP] HIP performance concerns (was HIP pr… Philip Matthews
- RE: [P2PSIP] HIP performance concerns (was HIP pr… Henderson, Thomas R
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Hannes Tschofenig
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Philip Matthews
- RE: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Henderson, Thomas R
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] Re: HIP pros and cons Brian Rosen
- RE: [P2PSIP] Re: HIP pros and cons Brian Rosen
- RE: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- RE: [P2PSIP] HIP performance concerns (was HIP pr… Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Dan York
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- RE: [P2PSIP] Re: HIP pros and cons Salman Abdul Baset
- Re: [P2PSIP] Re: HIP pros and cons Ali Fessi
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- RE: [P2PSIP] Re: HIP pros and cons David Barrett
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP performance concerns (was HIP pr… Miika Komu
- Re: [P2PSIP] Re: HIP pros and cons Miika Komu
- Re: [P2PSIP] HIP performance concerns (was HIP pr… Eric Rescorla
- Re: [P2PSIP] Re: HIP pros and cons Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Miika Komu
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros … Eric Rescorla
- FW: [P2PSIP] Re: HIP pros and cons Andrey Lukyanenko