Re: [Sip] comments on draft-kupwade-sip-iba-00

"James M. Polk" <jmpolk@cisco.com> Wed, 27 February 2008 16:03 UTC

Date: Wed, 27 Feb 2008 10:02:21 -0600
To: Eric Rescorla <ekr@networkresonance.com>, Jonathan Rosenberg <jdrosen@cisco.com>
From: "James M. Polk" <jmpolk@cisco.com>
In-Reply-To: <20080227054105.8A9DE5081A@romeo.rtfm.com>
References: <47C4C85F.4050000@cisco.com> <20080227054105.8A9DE5081A@romeo.rtfm.com>
Mime-Version: 1.0
Message-ID: <XFE-SJC-212JQSB2GxU00005468@xfe-sjc-212.amer.cisco.com>
Cc: IETF SIP List <sip@ietf.org>
Subject: Re: [Sip] comments on draft-kupwade-sip-iba-00

At 11:41 PM 2/26/2008, Eric Rescorla wrote:
> > I must say I didn't understand how revocation works. From the
> > description of the algorithm it seemed untenable. The verifier never
> > needs to obtain a cert and the public key is generated statically from
> > the identity. Once they have the private key, the sender can always sign
> > with it, so I don't see how revocation is possible.
>
>The way this is done is with what's effectively short-lived
>identities (you could do the same thing with short-lived
>certificates) you treat the time as part of the identity.
>E.g., you might be "jdrosen@cisco.com:March-April, 2008". So,
>the user needs to periodically refresh his private key to match
>the new identity. If the key has been revoked you don't issue
>new keys.

naive question

what burden does this put on a peer (or all peers) to (conceivably) 
have to constantly discover JDR's public key, for example (because 
they don't know how long the private key is good for)?

Or is this problem known/expected or solved easily already?


>-Ekr
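An added worked example (not from the draft or from anyone in this thread) of the period-bound identity Ekr describes, using Shamir's RSA-based identity-based signature with a toy private-key generator: the verifier derives the identity string "address:period" from the peer's address and the message date plus the PKG's public (N, E), so it never fetches a per-peer key, and revocation is just the PKG declining to issue the next period's key. The modulus, the two-month period convention and the revoked set are assumptions made for this example.

```python
import hashlib
import secrets
import calendar

# Toy PKG parameters: two Mersenne primes give a ~150-bit RSA modulus, far too
# small for real use; they are constructed here so the example runs instantly.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # PKG master secret (assumed, constructed)


def identity_for(address, year, month):
    """Bind an address to a two-month period, e.g. 'jdrosen@cisco.com:March-April, 2008'."""
    first = ((month - 1) // 2) * 2 + 1
    return "%s:%s-%s, %d" % (address, calendar.month_name[first],
                              calendar.month_name[first + 1], year)


def h(*parts):
    # Hash to an integer; used both for identities and for the signature challenge.
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")


class PKG:
    """Private-key generator; revocation = refusing to issue keys for new periods."""
    def __init__(self):
        self.revoked = set()

    def issue(self, address, year, month):
        # A revoked user simply never receives a key for the next period.
        if address in self.revoked:
            return None
        identity = identity_for(address, year, month)
        # Shamir IBS: the private key is the e-th root (mod N) of the hashed identity.
        return identity, pow(h(identity.encode()) % N, D, N)


def sign(priv_key, message):
    # Signature (t, s) with t = r^e and s = key * r^H(t, m); verifiable from identity alone.
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    s = priv_key * pow(r, h(str(t).encode(), message), N) % N
    return t, s


def verify(address, year, month, message, sig):
    """Verifier rebuilds the identity from (address, date); only (N, E) is needed."""
    t, s = sig
    i = h(identity_for(address, year, month).encode()) % N
    return pow(s, E, N) == i * pow(t, h(str(t).encode(), message), N) % N
```

A key issued for "March-April, 2008" verifies for any date in that period and fails for May, which is exactly how non-reissuance revokes the user without the verifier ever checking a revocation list.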

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip