Re: [Sip] comments on draft-kupwade-sip-iba-00
Dean Willis <dean.willis@softarmor.com> Fri, 29 February 2008 04:22 UTC
Return-Path: <sip-bounces@ietf.org>
X-Original-To: ietfarch-sip-archive@core3.amsl.com
Delivered-To: ietfarch-sip-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 69E6E3A6A90; Thu, 28 Feb 2008 20:22:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.292
X-Spam-Level:
X-Spam-Status: No, score=-0.292 tagged_above=-999 required=5 tests=[AWL=-0.455, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, J_CHICKENPOX_32=0.6, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yDNIXB7Yf3zt; Thu, 28 Feb 2008 20:22:05 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E36D3A68A0; Thu, 28 Feb 2008 20:22:05 -0800 (PST)
X-Original-To: sip@core3.amsl.com
Delivered-To: sip@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EC6ED3A67A9 for <sip@core3.amsl.com>; Thu, 28 Feb 2008 20:22:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxbvqZqaVm6O for <sip@core3.amsl.com>; Thu, 28 Feb 2008 20:22:03 -0800 (PST)
Received: from nylon.softarmor.com (nylon.softarmor.com [66.135.38.164]) by core3.amsl.com (Postfix) with ESMTP id D73663A6A07 for <sip@ietf.org>; Thu, 28 Feb 2008 20:22:01 -0800 (PST)
Received: from [192.168.2.100] (cpe-76-185-142-113.tx.res.rr.com [76.185.142.113] (may be forged)) (authenticated bits=0) by nylon.softarmor.com (8.13.8/8.13.8/Debian-3) with ESMTP id m1T4K6fQ022264 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 28 Feb 2008 22:20:08 -0600
Message-Id: <4A3E0A4C-46D1-4DAF-B2A0-1A6AF3370C1F@softarmor.com>
From: Dean Willis <dean.willis@softarmor.com>
To: Michael Thomas <mat@cisco.com>
In-Reply-To: <47C7160A.9030606@cisco.com>
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Thu, 28 Feb 2008 22:20:01 -0600
References: <20080227170702.5A5C05081A@romeo.rtfm.com> <132324.81291.qm@web65509.mail.ac4.yahoo.com> <20080227171901.8EAE95081A@romeo.rtfm.com> <47C7017D.5020301@softarmor.com> <20080228191408.677435081A@romeo.rtfm.com> <47C7160A.9030606@cisco.com>
X-Mailer: Apple Mail (2.919.2)
Cc: sip@ietf.org
Subject: Re: [Sip] comments on draft-kupwade-sip-iba-00
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
On Feb 28, 2008, at 2:14 PM, Michael Thomas wrote: > Eric Rescorla wrote: >> At Thu, 28 Feb 2008 12:46:21 -0600, >> Dean Willis wrote: >> >>> >>> A global or semi-global KG makes excellent sense in large domains, >>> especially where there are significant resource constraints. >>> > > Are we talking about a trust anchor that isn't DNS and isn't shipped > in > web browsers currently? Yes. It would be a trust anchor that would be bound on enrollment in the domain, such as when signing up to use a P2p service, or buying a mobile phone SIM. One could perhaps bootstrap it from DNS, perhaps using a conventional cert as a trust anchor for the process. Here's a possible sequence: browse to https://p2psip.example.com. Complete an enrollment form. Receive a SIP URI and a private key. Later on, launch your P2PSIP client and connect to the overlay. Sign the PUT request for your registration using your private key. The peer you;re talking to can check the signature and validate your identity without having to retrieve your public key > >>> Consider, for example, the 3GPP world of GSM phones. A KG hierarchy >>> rooted at the GSMA with each operator then having a subordinate KG >>> could >>> make a lot of sense. We could get end-to-end security with >>> significantly >>> fewer bits being transmitted than if users had to send copies of >>> their >>> certificates along with every message. >>> >>> Similar characteristics apply in peer-to-peer cases. The enrollment >>> process could include a KG interaction. The resulting identity >>> could be >>> used with IBS for node identification in the overlay as well as >>> message >>> source verification ("identity" in and RFC 4474 context). This helps >>> prevent a number of the easy attacks on P2P infrastructure. >>> >> >> Yes, and this is all equally possible with PKI systems. As I >> said at the beginning, the only thing that IBS is bringing >> to the party here is a smaller credential. As far as I'm >> awre, the size of the cert is not the primary reason for lack >> of adoption of any of these schemes >> Again, what does IBS bring to the party except compression? [0]. >> > > I just read through this too and I saw that in the abstract, and > also thought the size of credentials might be "a problem" but isn't > "THE PROBLEM" with deployment. > > Reading (quickly) through draft, I didn't get a sense for what > other problems this solves if any. I'll mention that in addition to > compression you can also use other methods to make key/name > bindings too which don't rely on krufty ASN.1 blobs to make > the point. True. There are a lot of other problems with "deployment" that crop up. Many are of "perfect is the enemy of good enough". Nobody really wants to "run a CA", what with all the dire warnings about the responsibility and all the key management issues, and questions about what those certs are going to be used for, and so on. But nobody seems to be all that averse to running a password database for authentication. We could easily envision a simple web-service API for PKG services that bootstraps off a secured HTML page and a password database, and use that to launch a production system that would be considered "very deployable" and easy to operate. We could probably also do the same sort of thing with a CA instead of a PKG. It SEEMS easy enough. But nobody does it. Why? > >> >>> And of >>> course, IBE could provide for message privacy as well as integrity >>> across the untrusted peers that will be serving as proxies. >>> >> >> And now we're talking about something totally different: IBE. >> I agree that IBE has significantly different characteristics from >> PKI. The problems with IBE in SIP are totally different: namely >> not knowing the actual identity of the recipietn of the message. >> This is the norm in both SIP (retargeting) and P2P (churn) >> systems. >> > > So there's no majick here seemingly. Darn. Actually, there's no reason you can't know the identity of the recipient of a message. You may not know it in advance of them actually receiving the message, but given that they have a key that's meaningful to you, they can sign a response to the message. They could potentially even sign a response to a message that they couldn't actually understand fully -- all they need to know is enough to get the response back to you, along with a copy of the message. We've considered "response identity" a hard problem in SIP. There are a couple of reasons: 1) We assume SIP UAs do not have keys that are meaningful to each other, due to the difficulty of solving "the CA problem", so end-user verification is not available. 2) We assume servers rely on HTTP digest authentication to establish an identity relationship. Since digest authentication applies only to requests and not responses, identity services only work on requests. Of course, draft-ietf-sip-outbound makes it feasible for an identity server to be colocated with the "outbound proxy", thereby giving it the option of a persistent TLS connection to the UA from which identity could reasonably be inserted in responses. But we haven't internalized this yet (and "outbound" remains hung up in the process). So John Elwell's draft relies on the authentication of messages in the opposing direction, giving us "connected identity" instead of "response identity". This only works in a subset of cases. 3) We have the unanticipated respondent problem. Somebody on the path can retarget requests to somebody with whom you have no prior relationship, making any authentication of the recipient a dicey proposition. Of course, in an IB-system, everybody has some prior relationship (via whatever top-level KG roots the hierarchy), so you can validate an identity assertion on any response from within that hierarchy. We still don't have a way to know whether such a response is reasonable or not (although IB does allow for some interesting possibilities towards solving this too). So yeah, if you're willing to accept the constrains of an IB model (namely, some variation on single-root), then there is majick. -- Dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Harsh Kupwade
- [Sip] comments on draft-kupwade-sip-iba-00 Jonathan Rosenberg
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 James M. Polk
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Harsh Kupwade
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Harsh Kupwade
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 James M. Polk
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Michael Thomas
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Michael Thomas
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Harsh Kupwade
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Hadriel Kaplan
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Dean Willis
- Re: [Sip] comments on draft-kupwade-sip-iba-00 Eric Rescorla