Re: [Sip] comments on draft-kupwade-sip-iba-00

Eric Rescorla <ekr@networkresonance.com> Wed, 27 February 2008 16:42 UTC

Date: Wed, 27 Feb 2008 08:39:00 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Harsh Kupwade <harsh_smu@yahoo.com>
Cc: sip@ietf.org

At Wed, 27 Feb 2008 08:30:11 -0800 (PST),
Harsh Kupwade wrote:
> Forcing a signer to send a certificate is fine, but if the
> signer’s root CA is not same as the receiver’s root CAs, then
> the receiver has to go through a complex path construction process
> which is not a trivial problem.

Huh? The entire Web security system operates on the principle that you
can verify certificates from random CAs. This has not turned out to be
a serious problem in practice.

Moreover, *exactly* the same problem exists wrt the KG in identity-based
systems.

-Ekr