[rtcweb] Identity and PSTN gateways

Harald Alvestrand <harald@alvestrand.no> Tue, 03 April 2012 12:58 UTC

One thing that has come up repeatedly in the discussion is the claim 
that "you can't have a verified identity when you talk to someone via a 
telephone gateway" (and therefore <insert your favourite security 
mechanism here> is not needed / not an added benefit / other claim).

I think this is a fallacy.

Sure, as people have commented numerous times, telephone numbers are 
identities; they're being used as such every time someone prints them on 
a business card or a billboard.

When you're connecting via a gateway to the PSTN, the gateway operator 
gives you a guarantee that you're being connected to the right person; 
that's what gateways are for.

This makes for a fairly simple mapping to the "identity / identity 
provider" model we've been bandying about for the "full-blown" IdP / 
endpoint case:

The identity is the telephone number.
The identity provider (one of many possible ones for the number) is the 
gateway operator.

Thus - if you call a telephone number via a gateway, you would perform a 
DTLS key exchange with the gateway, and an identity verification 
exchange with the gateway operator; you would then guarantee that the 
gateway operator vouches for this being a legitimate gateway function 
that you can reach for that number.

That's just about the best guarantee you can get when talking to the 
telephone system. But if we're using the IdP + DTLS-SRTP version, the 
exchange guarantees you that:
a) nobody is listening in between you and the gateway (even if they 
snooped your signalling)
b) the gateway operator vouches for the gateway being the right gateway 
to reach that number

Seems like a little bit better than what you get with SDES. Only a little.

                        Harald
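
The caller-side check described in the message above, as an added example that is not part of the original post or of any rtcweb document: the call is accepted only if the gateway operator, acting as identity provider, vouches for a binding between the dialled number and the certificate fingerprint seen in the DTLS handshake. The class and function names, the HMAC stand-in for the operator's assertion format, and the sample numbers and certificate bytes are all constructed assumptions.

```python
import hashlib, hmac, json

class GatewayOperatorIdP:
    """Hypothetical IdP run by the gateway operator (an assumption of this example)."""
    def __init__(self, secret, served_numbers):
        self._secret, self._served = secret, set(served_numbers)

    def _mac(self, payload):
        return hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()

    def assert_identity(self, number, fp):
        # The operator only vouches for numbers it actually gateways to.
        if number not in self._served:
            raise ValueError("operator does not serve " + number)
        payload = json.dumps({"identity": "tel:" + number, "fingerprint": fp}, sort_keys=True)
        return {"payload": payload, "mac": self._mac(payload)}

    def verify(self, assertion):
        # Verification is a query to the operator; the caller holds no key.
        if not hmac.compare_digest(self._mac(assertion["payload"]), assertion["mac"]):
            return None
        return json.loads(assertion["payload"])

def fingerprint(cert_der):
    return "sha-256 " + hashlib.sha256(cert_der).hexdigest()

def check_call(idp, dialled, assertion, dtls_peer_cert):
    """Caller-side decision after the DTLS handshake and the identity exchange."""
    vouched = idp.verify(assertion)
    if vouched is None:
        return "reject: operator does not vouch for this assertion"
    if vouched["identity"] != "tel:" + dialled:
        return "reject: assertion is for a different number"
    if vouched["fingerprint"] != fingerprint(dtls_peer_cert):
        return "reject: DTLS peer is not the vouched-for gateway"
    return "ok"

# Constructed sample data: fictional numbers, placeholder certificate bytes.
OPERATOR = GatewayOperatorIdP(b"constructed-operator-secret", ["+15550100", "+15550199"])
GATEWAY_CERT = b"constructed gateway certificate"
INTERLOPER_CERT = b"constructed certificate of a party in the signalling path"
GOOD = OPERATOR.assert_identity("+15550100", fingerprint(GATEWAY_CERT))

if __name__ == "__main__":
    print(check_call(OPERATOR, "+15550100", GOOD, GATEWAY_CERT))
    # Assertion relayed untouched, but DTLS terminated by someone else:
    print(check_call(OPERATOR, "+15550100", GOOD, INTERLOPER_CERT))
    # Fingerprint rewritten in signalling; the operator's MAC no longer matches:
    forged = dict(GOOD, payload=GOOD["payload"].replace(fingerprint(GATEWAY_CERT), fingerprint(INTERLOPER_CERT)))
    print(check_call(OPERATOR, "+15550100", forged, INTERLOPER_CERT))
```

A real deployment would use the operator's public-key signature or its own verification endpoint in place of the HMAC; the three checks and their order are the point here.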