Re: [P2PSIP] Identity certificate segregation [was Re: draft-ietf-p2psip-base publication to be requested]
Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Fri, 08 July 2011 11:37 UTC
Hi,

I have just requested an IETF LC for this draft. Therefore, these comments
will be considered as IETF LC comments.

Cheers,

Gonzalo

On 01/07/2011 2:47 PM, Gonzalo Camarillo wrote:
> Hi,
>
> please, let me know whether or not these modifications will be included
> in the base draft at this point.
>
> Thanks,
>
> Gonzalo
>
> On 21/06/2011 10:58 PM, Marc Petit-Huguenin wrote:
>> I read the paper and this modification makes sense to me (for example without
>> this modification a peer that is purely used for routing and storage purposes,
>> like a bootstrap peer, had to invent a valid, unique, and useless username just
>> to acquire a certificate).
>>
>> So I support its inclusion in draft-ietf-p2psip-base.
>>
>> On 06/09/2011 10:47 AM, Diego Suarez wrote:
>>> I think it would require a (slight) modification in the base document.
>>> The current P2PSIP certification model is based on a single PKC (including
>>> both usernames and nodeIDs) that uniquely identifies a user and her
>>> devices. On the other hand, our model is based on a split certification.
>>> Devices and users are independent. Each device has its own PKC including
>>> a nodeID and a PK. Similarly, each user has her own PKC including her
>>> username and a PK. This approach does not prevent a centralized entity
>>> (such as an offline CA) from having information related to the devices each
>>> user (or company, etc.) has registered, but permits, among other
>>> improvements, a user to be connected to the system through devices she
>>> has not registered herself, such as a phone issued by a telco or a fixed
>>> phone in a laboratory shared by all the members of a research group.
>>>
>>> On Thu, 2011-06-09 at 10:05 -0700, Marc Petit-Huguenin wrote:
>>>> Does this model really require modifications in the base document, or can it be
>>>> designed as an extension? (Unfortunately the paper is not freely available, so
>>>> it is difficult to know really what is needed for this).
>>>>
>>>> On 06/09/2011 07:31 AM, Diego Suarez wrote:
>>>>> Hi,
>>>>>
>>>>> I had in mind writing a draft about this, but since I'm running out of
>>>>> time, I would like to summarize a new certification model for P2PSIP I
>>>>> have been working on, in case it is of interest for the group.
>>>>> Further details can be found in the paper:
>>>>>
>>>>> D. Touceda, J. Camara, L. Villalba, and J. Marquez, Advantages of
>>>>> identity certificate segregation in P2PSIP systems, Communications,
>>>>> IET, vol. 5, pp. 879-889, Apr. 2011.
>>>>>
>>>>> The idea is to split the certification of users and devices. Devices are
>>>>> identified by PKCs including a nodeID and the PK of the device, while
>>>>> users are identified by PKCs including a username and the PK of the
>>>>> user. Similar models have been used before in other communications
>>>>> systems, such as GSM, where devices and users are separately represented
>>>>> by the international mobile equipment identity (IMEI) stored in the
>>>>> phones and the international mobile subscriber identity (IMSI) stored in
>>>>> the user subscriber identity module (SIM), respectively.
>>>>>
>>>>> Motivations of this model are:
>>>>>
>>>>> - Users and devices are different entities performing different
>>>>>   roles within a P2PSIP system. Devices are nodes of the P2P
>>>>>   overlay network (represented by a nodeID) that offer services
>>>>>   (to route messages, to store data, . . .) to the system, while
>>>>>   users (represented by a username) utilize these services,
>>>>>   usually to establish media communications using SIP.
>>>>>
>>>>> - Support for mobility scenarios where a user may be logged in at
>>>>>   different devices at the same time using the same PKC.
>>>>>
>>>>> - Support for several users to be logged in on the same device (like a
>>>>>   fixed phone) at the same time.
>>>>>
>>>>> - Support for user-independent hard-coded devices.
>>>>>
>>>>> - Interoperability with SIP. SIP certificates are not valid in current
>>>>>   P2PSIP since they don't include a nodeID.
>>>>>
>>>>> cheers
>>>>>
>>>>> Diego Suárez
>>>>>
>>>>> On Wed, 2011-06-08 at 09:48 -0700, David A. Bryan wrote:
>>>>>> Unless something major comes up, we plan to request the newest version
>>>>>> of the base draft, draft-ietf-p2psip-base-15, be published. I'll put
>>>>>> in the request in a week (June 16th or 17th). If there are any further
>>>>>> comments from the last call a while ago (or further comments on the
>>>>>> comments since then), please send them to the list ASAP.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> David (as chair)

_______________________________________________
P2PSIP mailing list
P2PSIP@ietf.org
https://www.ietf.org/mailman/listinfo/p2psip
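As an added illustration of the admission checks a verifying peer would apply under the two certificate layouts debated above (this is not code from the thread, the base draft or the cited paper): the `Cert` fields, the names and an HMAC under a constructed key standing in for the CA signature are all assumptions, and the encoding of Node-IDs and user names in a real X.509 PKC is not modelled.

```python
from dataclasses import dataclass
import hashlib
import hmac

# Constructed stand-in for the offline CA's signing key: an HMAC over the
# certificate fields plays the role of the CA signature on a real X.509 PKC.
CA_KEY = b"constructed-offline-ca-key"

@dataclass(frozen=True)
class Cert:
    node_ids: tuple   # Node-IDs (devices) this certificate vouches for
    usernames: tuple  # user names this certificate vouches for
    pubkey: str       # constructed label standing in for the holder's PK
    sig: bytes        # "CA signature" over the three fields above

def _tbs(node_ids, usernames, pubkey) -> bytes:
    """Canonical to-be-signed encoding of the certificate contents."""
    return f"{','.join(sorted(node_ids))};{','.join(sorted(usernames))};{pubkey}".encode()

def issue(node_ids=(), usernames=(), pubkey="") -> Cert:
    """CA issues a certificate binding Node-IDs and/or user names to a PK."""
    sig = hmac.new(CA_KEY, _tbs(node_ids, usernames, pubkey), hashlib.sha256).digest()
    return Cert(tuple(node_ids), tuple(usernames), pubkey, sig)

def verify(cert: Cert) -> bool:
    """Peer-side check that the certificate is unmodified and CA-issued."""
    expected = hmac.new(CA_KEY, _tbs(cert.node_ids, cert.usernames, cert.pubkey),
                        hashlib.sha256).digest()
    return hmac.compare_digest(cert.sig, expected)

def may_join_overlay(device_cert: Cert, node_id: str) -> bool:
    """A pure routing/storage peer (e.g. a bootstrap peer) only needs a valid
    certificate for its Node-ID; no user name is involved."""
    return verify(device_cert) and node_id in device_cert.node_ids

def may_register(username: str, node_id: str, user_cert: Cert,
                 device_cert: Cert, split: bool) -> bool:
    """Admission check for a SIP registration binding username -> node_id.
    split=False: single-PKC model, one certificate must carry both identities.
    split=True:  segregated model, the user PKC carries the username and the
                 device PKC carries the Node-ID (they may still be one object)."""
    if not (verify(user_cert) and verify(device_cert)):
        return False
    if not split:
        return (user_cert == device_cert and username in user_cert.usernames
                and node_id in user_cert.node_ids)
    return username in user_cert.usernames and node_id in device_cert.node_ids
```

With `split=True` one user certificate is accepted from several devices (mobility) and several user certificates from one device (shared phone), while a bootstrap peer passes `may_join_overlay` with a certificate that names no user at all; with `split=False` the same user and device certificates are rejected because neither carries both identities.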