Re: [Rucus] Combatting SPIT using IKEv2
"Dan Wing" <dwing@cisco.com> Fri, 18 September 2009 17:43 UTC
Return-Path: <dwing@cisco.com>
X-Original-To: rucus@core3.amsl.com
Delivered-To: rucus@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5DA0728C211 for <rucus@core3.amsl.com>; Fri, 18 Sep 2009 10:43:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.479
X-Spam-Level:
X-Spam-Status: No, score=-6.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gwigf0uZuDj6 for <rucus@core3.amsl.com>; Fri, 18 Sep 2009 10:43:13 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id DA7883A6B55 for <rucus@ietf.org>; Fri, 18 Sep 2009 10:43:12 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap0EAIRjs0qrR7PE/2dsb2JhbACKbawPiFABkBsFgi6BbYFd
X-IronPort-AV: E=Sophos;i="4.44,410,1249257600"; d="scan'208";a="391551846"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 18 Sep 2009 17:44:06 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id n8IHi6Zf001127; Fri, 18 Sep 2009 10:44:06 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id n8IHi6Xt001092; Fri, 18 Sep 2009 17:44:06 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 18 Sep 2009 10:44:05 -0700
Received: from dwingwxp01 ([10.32.240.198]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 18 Sep 2009 10:44:05 -0700
From: Dan Wing <dwing@cisco.com>
To: 'Pars Mutaf' <pars.mutaf@gmail.com>
References: <18a603a60909110422t259efa7dj7f601535a6150391@mail.gmail.com> <021201ca37f4$fed39ef0$5da36b80@cisco.com> <18a603a60909181010q588a117am31b499c62986c217@mail.gmail.com>
Date: Fri, 18 Sep 2009 10:44:05 -0700
Message-ID: <053a01ca3887$9de37370$5da36b80@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Aco4gu79BXVLZxeKRoaU72M+LHHbSQABEtqw
In-Reply-To: <18a603a60909181010q588a117am31b499c62986c217@mail.gmail.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-OriginalArrivalTime: 18 Sep 2009 17:44:05.0504 (UTC) FILETIME=[9DF10800:01CA3887]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2491; t=1253295846; x=1254159846; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[Rucus]=20Combatting=20SPIT=20using=20I KEv2 |Sender:=20; bh=R67Df+9I8JkB2S6nW7WCJcJxmI954M4TD/rOny0YMN0=; b=rQDyX5Fj7Z1JlpZ7ccQu12ILhSoR/OnBDmyxfRlT8pT4aegBkXguhMHvP0 +pGoVhGGvtcKIry/kV+vcI0eYqWMlg2/M5LXLQnPomPh1wkCh6bECnc7BOO0 y9Q0u6E75y;
Authentication-Results: sj-dkim-4; header.From=dwing@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: 'Rucus BoF' <rucus@ietf.org>
Subject: Re: [Rucus] Combatting SPIT using IKEv2
X-BeenThere: rucus@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Reducing Unwanted Communication Using SIP \(RUCUS\)" <rucus.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rucus>
List-Post: <mailto:rucus@ietf.org>
List-Help: <mailto:rucus-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2009 17:43:14 -0000
> -----Original Message----- > From: Pars Mutaf [mailto:pars.mutaf@gmail.com] > Sent: Friday, September 18, 2009 10:11 AM > To: Dan Wing > Cc: Rucus BoF > Subject: Re: [Rucus] Combatting SPIT using IKEv2 > > Hello, > > On Fri, Sep 18, 2009 at 3:14 AM, Dan Wing <dwing@cisco.com> wrote: > > > > > > > >> -----Original Message----- > >> From: rucus-bounces@ietf.org [mailto:rucus-bounces@ietf.org] > >> On Behalf Of Pars Mutaf > >> Sent: Friday, September 11, 2009 4:23 AM > >> To: Rucus BoF > >> Subject: [Rucus] Combatting SPIT using IKEv2 > >> > >> Dear all, > >> > >> I submitted a short I-D proposing IKEv2 extensions to combat SPIT. > >> Basically they are CAPTCHA and human name certificate extensions, > >> and target user approval. > >> > >> The draft can be found here: > >> > >> http://www.freewebs.com/pmutaf/draft-mutaf-spikev2-02.txt > >> > >> Comments are welcome > > > > One solution to SPIT is to require an IPsec SA (Security > Association) > > before a correspondent user opens a session with a target SIP URI. > > If later the correspondent user turns bad and sends SPIT, > the target > > user can remove the SA. > > > > I don't understand. So, I would send you an INVITE, and then you > > would challange me by doing ... <what>? > > > You will have to establish an IPsec security association (this is > required) with the target phone. So I would have to do IKE over the UDP media channel, I guess? That's certainly doable; afterall, that's what is described in draft-saito-mmusic-sdp-ike-05.txt. -d > Using IKE extensions, the target phone will challenge > you by asking > to solve a CAPTCHA. If you want to make commercial calls or > send messages to > hundreds of phones, you will have to solve hundreds of CAPTHCAs. > > CAPTCHAs cannot be solved by a machine, so you cannot automatically > send spam to many target phones. > > In addition to CAPTCHAs, my phone can also require your > certified identity > during the IKE negociation. In this case if I don't know you, > I can cancel IKE. > Since no IPsec security association is established, you can't call me > nor send IM. > > Thanks, > pars > > > > > -d > > > > > > > >> Regards, > >> > >> pars > >> _______________________________________________ > >> Rucus mailing list > >> Rucus@ietf.org > >> https://www.ietf.org/mailman/listinfo/rucus > > > >
- [Rucus] Combatting SPIT using IKEv2 Pars Mutaf
- Re: [Rucus] Combatting SPIT using IKEv2 Dan Wing
- Re: [Rucus] Combatting SPIT using IKEv2 Pars Mutaf
- Re: [Rucus] Combatting SPIT using IKEv2 Dan Wing