Re: [Rucus] Combatting SPIT using IKEv2

Pars Mutaf <pars.mutaf@gmail.com> Fri, 18 September 2009 17:09 UTC


Hello,

On Fri, Sep 18, 2009 at 3:14 AM, Dan Wing <dwing@cisco.com> wrote:
>
>
>
>> -----Original Message-----
>> From: rucus-bounces@ietf.org [mailto:rucus-bounces@ietf.org]
>> On Behalf Of Pars Mutaf
>> Sent: Friday, September 11, 2009 4:23 AM
>> To: Rucus BoF
>> Subject: [Rucus] Combatting SPIT using IKEv2
>>
>> Dear all,
>>
>> I submitted a short I-D proposing IKEv2 extensions to combat SPIT.
>> Basically they are CAPTCHA and human name certificate extensions,
>> and target user approval.
>>
>> The draft can be found here:
>>
>> http://www.freewebs.com/pmutaf/draft-mutaf-spikev2-02.txt
>>
>> Comments are welcome
>
>   One solution to SPIT is to require an IPsec SA (Security Association)
>   before a correspondent user opens a session with a target SIP URI.
>   If later the correspondent user turns bad and sends SPIT, the target
>   user can remove the SA.
>
> I don't understand.  So, I would send you an INVITE, and then you
> would challenge me by doing ... <what>?


You will have to establish an IPsec security association (this is
required) with the target phone. Using IKE extensions, the target
phone will challenge you by asking to solve a CAPTCHA. If you want to
make commercial calls or send messages to hundreds of phones, you will
have to solve hundreds of CAPTCHAs.

CAPTCHAs cannot be solved by a machine, so you cannot automatically
send spam to many target phones.

In addition to CAPTCHAs, my phone can also require your certified
identity during the IKE negotiation. In this case if I don't know you,
I can cancel IKE. Since no IPsec security association is established,
you can't call me nor send IM.

Thanks,
pars

>
> -d
>
>
>
>> Regards,
>>
>> pars
>
>
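The callee-side policy described in the reply above, as a toy model added here for illustration; it is not code from the draft or from anyone in the thread. The class and method names are hypothetical, the CAPTCHA is reduced to a random string a human would read off an image, and no real IKEv2 or IPsec exchange is performed.

```python
import hmac
import secrets


class TargetPhone:
    """Toy model of the target phone's admission policy (hypothetical names)."""

    def __init__(self, known_names):
        self.known_names = set(known_names)  # certified names the user accepts
        self.pending = {}                    # peer -> expected CAPTCHA answer
        self.sas = set()                     # peers holding an established SA

    def challenge(self, peer):
        # A fresh challenge for every negotiation. The text is returned only
        # so the simulation can play the human who reads the image.
        text = secrets.token_hex(3)
        self.pending[peer] = text
        return text

    def negotiate(self, peer, captcha_answer, certified_name=None,
                  require_cert=False):
        # Challenges are single use: pop() makes a replayed answer fail.
        expected = self.pending.pop(peer, None)
        if expected is None:
            return False
        if not hmac.compare_digest(expected, captcha_answer):
            return False
        # Optional second gate: the user cancels IKE for an unknown name.
        if require_cert and certified_name not in self.known_names:
            return False
        self.sas.add(peer)
        return True

    def admit(self, peer):
        # A call or IM is accepted only while an SA exists for the peer.
        return peer in self.sas

    def revoke(self, peer):
        # The target user removes the SA after the peer turns bad.
        self.sas.discard(peer)


if __name__ == "__main__":
    phone = TargetPhone(known_names={"Alice Example"})  # constructed name
    answer = phone.challenge("peer-a")
    print("SA established:", phone.negotiate("peer-a", answer))
    print("call admitted:", phone.admit("peer-a"))
    phone.revoke("peer-a")
    print("after revoke:", phone.admit("peer-a"))
```

Each peer has to pass its own challenge at each target, and removing the SA puts the peer back behind the gate until it negotiates again.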