[rtcweb] Identity and PSTN gateways
Harald Alvestrand <harald@alvestrand.no> Tue, 03 April 2012 12:58 UTC
Message-ID: <4F7AF40D.3010706@alvestrand.no>
Date: Tue, 03 Apr 2012 14:58:53 +0200
From: Harald Alvestrand <harald@alvestrand.no>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: [rtcweb] Identity and PSTN gateways
One thing that has come up repeatedly in the discussion is the claim that "you can't have a verified identity when you talk to someone via a telephone gateway" (and therefore <insert your favourite security mechanism here> is not needed / not an added benefit / other claim).

I think this is a fallacy.

Sure, as people have commented numerous times, telephone numbers are identities; they're being used as such every time someone prints them on a business card or a billboard.

When you're connecting via a gateway to the PSTN, the gateway operator gives you a guarantee that you're being connected to the right person; that's what gateways are for.

This makes for a fairly simple mapping to the "identity / identity provider" model we've been bandying about for the "full-blown" IdP / endpoint case:

The identity is the telephone number.
The identity provider (one of many possible ones for the number) is the gateway operator.

Thus - if you call a telephone number via a gateway, you would perform a DTLS key exchange with the gateway, and an identity verification exchange with the gateway operator; you would then guarantee that the gateway operator vouches for this being a legitimate gateway function that you can reach for that number.

That's just about the best guarantee you can get when talking to the telephone system.

But if we're using the IdP + DTLS-SRTP version, the exchange guarantees you that:

a) nobody is listening in between you and the gateway (even if they snooped your signalling)
b) the gateway operator vouches for the gateway being the right gateway to reach that number

Seems like a little bit better than what you get with SDES. Only a little.

Harald
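The following is an added illustration of the mapping described in the message above; it is not code from the message, from the rtcweb working group or from any gateway product. It models the gateway operator as the identity provider for a telephone number and assumes, as in the rtcweb identity architecture, that the operator's assertion binds that number to the SHA-256 fingerprint of the DTLS certificate the gateway presents. The number "+4722334455", the operator name "gateway.example", the certificate byte strings and the use of Ed25519 for the operator's signature are all constructed stand-ins. The check at the calling side covers both guarantees named in the message: the operator vouches for this gateway for this number (b), and the peer the browser actually completed DTLS with is that gateway, so a substituted certificate in the media path is detected even if signalling was observed (a).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// IdentityAssertion is what the gateway operator, acting as identity
// provider, hands back to the caller: a signed binding between the PSTN
// identity (a telephone number) and the DTLS certificate fingerprint of
// the gateway that will terminate the call.
type IdentityAssertion struct {
	Identity    string // the telephone number (constructed sample value)
	IdP         string // the gateway operator's domain (constructed)
	Fingerprint string // "sha-256 <hex>" over the gateway's DTLS certificate
	Signature   []byte // operator's Ed25519 signature over the three fields
}

// assertionPayload is the byte string the operator signs and the caller
// verifies; the separator keeps the fields from running into each other.
func assertionPayload(identity, idp, fingerprint string) []byte {
	return []byte(identity + "|" + idp + "|" + fingerprint)
}

// Fingerprint computes the fingerprint a browser sees for a DTLS
// certificate. The DER bytes are stood in for by an opaque byte slice.
func Fingerprint(certDER []byte) string {
	sum := sha256.Sum256(certDER)
	return "sha-256 " + hex.EncodeToString(sum[:])
}

// IssueAssertion is the operator side: it vouches that the gateway holding
// gatewayCertDER is a legitimate gateway for reaching identity.
func IssueAssertion(opKey ed25519.PrivateKey, identity, idp string, gatewayCertDER []byte) IdentityAssertion {
	fp := Fingerprint(gatewayCertDER)
	sig := ed25519.Sign(opKey, assertionPayload(identity, idp, fp))
	return IdentityAssertion{Identity: identity, IdP: idp, Fingerprint: fp, Signature: sig}
}

// VerifyCall is the caller side, run after the DTLS handshake with whatever
// peer answered. It returns nil only if the operator signed the binding,
// the binding is for the number that was dialed, and the certificate the
// DTLS peer presented is the one the operator vouched for.
func VerifyCall(a IdentityAssertion, opPub ed25519.PublicKey, dialedNumber string, peerCertDER []byte) error {
	if !ed25519.Verify(opPub, assertionPayload(a.Identity, a.IdP, a.Fingerprint), a.Signature) {
		return errors.New("assertion signature invalid: operator did not vouch for this binding")
	}
	if a.Identity != dialedNumber {
		return fmt.Errorf("assertion is for %s, not the dialed %s", a.Identity, dialedNumber)
	}
	if Fingerprint(peerCertDER) != a.Fingerprint {
		return errors.New("DTLS peer certificate does not match the vouched gateway: possible interception")
	}
	return nil
}

func main() {
	// Constructed setup: the operator's signing key and the gateway's certificate.
	opPub, opPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	gatewayCert := []byte("constructed DER bytes of the legitimate gateway certificate")
	assertion := IssueAssertion(opPriv, "+4722334455", "gateway.example", gatewayCert)

	// Honest case: the DTLS peer is the vouched gateway.
	fmt.Println("legitimate gateway:", VerifyCall(assertion, opPub, "+4722334455", gatewayCert))

	// Interception case: the DTLS handshake completed with some other certificate.
	otherCert := []byte("constructed DER bytes of a different certificate")
	fmt.Println("substituted peer:", VerifyCall(assertion, opPub, "+4722334455", otherCert))
}
```

The comparison the message draws with SDES follows from the last check: with SDES the SRTP key travels in signalling, so anyone who reads the signalling has the media key, whereas here the key comes out of the DTLS handshake and the only thing signalling carries is a fingerprint that the operator's signature pins to the gateway.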