Re: [rtcweb] Identity and PSTN gateways
"Olle E. Johansson" <oej@edvina.net> Tue, 03 April 2012 13:05 UTC
From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <4F7AF40D.3010706@alvestrand.no>
Date: Tue, 03 Apr 2012 15:05:26 +0200
Message-Id: <A61DB206-1B56-44B5-AADE-E4A820D76B93@edvina.net>
References: <4F7AF40D.3010706@alvestrand.no>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Identity and PSTN gateways
On 3 Apr 2012 at 14:58, Harald Alvestrand wrote:

> One thing that has come up repeatedly in the discussion is the claim that "you can't have a verified identity when you talk to someone via a telephone gateway" (and therefore <insert your favourite security mechanism here> is not needed / not an added benefit / other claim).
>
> I think this is a fallacy.
>
> Sure, as people have commented numerous times, telephone numbers are identities; they're being used as such every time someone prints them on a business card or a billboard.
>
> When you're connecting via a gateway to the PSTN, the gateway operator gives you a guarantee that you're being connected to the right person; that's what gateways are for.
>
> This makes for a fairly simple mapping to the "identity / identity provider" model we've been bandying about for the "full-blown" IdP / endpoint case:
>
> The identity is the telephone number.
> The identity provider (one of many possible ones for the number) is the gateway operator.
>
> Thus - if you call a telephone number via a gateway, you would perform a DTLS key exchange with the gateway, and an identity verification exchange with the gateway operator; you would then guarantee that the gateway operator vouches for this being a legitimate gateway function that you can reach for that number.
>
> That's just about the best guarantee you can get when talking to the telephone system. But if we're using the IdP + DTLS-SRTP version, the exchange guarantees you that:
> a) nobody is listening in between you and the gateway (even if they snooped your signalling)
> b) the gateway operator vouches for the gateway being the right gateway to reach that number
>
> Seems like a little bit better than what you get with SDES.

Only a little. Now we will have to separate "PSTN-emulating" gateways that accept calls to all phone numbers but play a prompt saying "You gotta be kidding me - calling a phone number?" from REAL gateways that have a connection to the PSTN world.

Will guys connecting with SS7 have a certificate signed by the ITU as a "TRUE" PSTN provider, and the VoIP guy in the basement next door just have a "Best effort fourth-tier PSTN service" certificate?

I think that any identity of any PSTN gateway just identifies the gateway as a server. Not as a service.

/O