Re: [Sip] comments on draft-kupwade-sip-iba-00

Harsh Kupwade <harsh_smu@yahoo.com> Wed, 27 February 2008 17:17 UTC

Date: Wed, 27 Feb 2008 09:14:26 -0800
From: Harsh Kupwade <harsh_smu@yahoo.com>
To: Eric Rescorla <ekr@networkresonance.com>

What if the trust anchors are not compiled into your client? Then verifying a digital signature is not a trivial problem.

Cross certificate validation is a challenging issue?

Eric Rescorla <ekr@networkresonance.com> wrote:

  At Wed, 27 Feb 2008 08:59:10 -0800 (PST),
Harsh Kupwade wrote:
> 
> How can we verify a certificate from a random CA? It will definitely
> be a serious threat in the near future.

Uh, that the trust anchors are publicly known and compiled into
your client. 


> A malicious KG is equivalent to a malicious CA. A malicious CA
> can also tag a public key to a different user and pose the same
> threat level.

Yes, a malicious CA is bad.
No, a malicious CA is not anywhere near as bad as a malicious KG.
A malicious CA has to mount MITM attacks on all your traffic
in order to decrypt. A malicious KG can passively decrypt.

Again, some people view escrow as a feature, but it's simply
not true that the security properties of PKI-based systems
are the same as those of IBE-based systems.

-Ekr


       
---------------------------------
Never miss a thing.   Make Yahoo your homepage.
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip