IETF Logo Mail Archive

Re: [Sip] Review of draft-kupwade-sip-iba-00

Eric Rescorla <ekr@networkresonance.com> Wed, 27 February 2008 16:04 UTC

Return-Path: <sip-bounces@ietf.org>
X-Original-To: ietfarch-sip-archive@core3.amsl.com
Delivered-To: ietfarch-sip-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5CB8328C1DA; Wed, 27 Feb 2008 08:04:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.328
X-Spam-Level:
X-Spam-Status: No, score=-0.328 tagged_above=-999 required=5 tests=[AWL=0.109, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d7PFQrnKsrEo; Wed, 27 Feb 2008 08:04:46 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BE00B28C742; Wed, 27 Feb 2008 08:04:24 -0800 (PST)
X-Original-To: sip@core3.amsl.com
Delivered-To: sip@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A5C03A69D6 for <sip@core3.amsl.com>; Wed, 27 Feb 2008 08:04:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rWc+h3myQaYf for <sip@core3.amsl.com>; Wed, 27 Feb 2008 08:04:18 -0800 (PST)
Received: from romeo.rtfm.com (unknown [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 577A528C7BA for <sip@ietf.org>; Wed, 27 Feb 2008 08:04:09 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 1EFA95081A; Wed, 27 Feb 2008 08:05:54 -0800 (PST)
Date: Wed, 27 Feb 2008 08:05:54 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Harsh Kupwade <harsh_smu@yahoo.com>
In-Reply-To: <729836.33399.qm@web65516.mail.ac4.yahoo.com>
References: <20080227141431.2C3025081A@romeo.rtfm.com> <729836.33399.qm@web65516.mail.ac4.yahoo.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080227160554.1EFA95081A@romeo.rtfm.com>
Cc: sip@ietf.org
Subject: Re: [Sip] Review of draft-kupwade-sip-iba-00
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org

At Wed, 27 Feb 2008 07:43:08 -0800 (PST),
Harsh Kupwade wrote:
> 
> [1  <text/plain; iso-8859-1 (8bit)>]
> Key escrow problem has been tackled using B. Lee et. al’s
> algorithm.  They propose a single Private key generator who would
> perform the identity check and multiple KPAs (Key Privacy
> Authorities) who would distribute the partial private key.  Lee, B.,
> Boyd, C., Dawson, E., Kim, K., Yang, J. and Yoo, S., "Secure Key
> Issuing in ID-based Cryptography," in Conferences in Research and
> Practice in Information Technology, 2004, vol. 32, pp. 69-74.

I don't see how this really solves the problem. Obviously,
at a large cost you can have multiple KGs such that all of
them need to cheat in order to recover the message content,
but that doesn't really solve the problem. As the paper
you cite indicates, lawful intercept can be performed by
subpoenaing all the KGs.

Now, I'm not saying that escrow is necessarily bad, but
that just that this doesn't remove it.

-Ekr


> Eric Rescorla <ekr@networkresonance.com> wrote:  At Wed, 27 Feb 2008 01:47:23 -0500,
> Hadriel Kaplan wrote:
> > 
> > Cool. So if I understand this right (and I probably don't),
> > ignoring rfc4474 identity and IBS for a moment and instead thinking
> > about SRTP and IBE: I could use IBE to encrypt the
> > security-descriptions attribute value using the intended target's
> > SIP URI as a key, and only someone owning that URI (and sharing the
> > same KG) or the KG itself could decrypt it to learn the sec-desc
> > cleartext to use?
> 
> Yeah. This is how Voltage's email system works. (Seriously,
> read the blog post I pointed at, whcih explains all this).
> But of course this doesn't work correctly with a bunch of
> retargeting scenarios. This is basically orthogonal to
> MIKEY RSA mdoe, except that instead of doing certificate
> retrieval you need to do parameter retrieval, and only
> once for the domain.
> 
> Another sort-of-weird feature here is that you can encrypt to
> someone who hasn't registered with the system, and then
> they can register *afterward*. That works with email but
> of course is too slow for VoIP.
> 
> 
> > -hadriel p.s. the KG would actually be a problem for IBE, wouldn't
> > it? I mean the KG can always decrypt it. (at which point they would
> > be the Key Generator Backdoor - aka, the KGB ;)
> 
> Yeah. This feature is generally referred to as "escrow" and is
> one of the reasons why people don't want to have a single 
> global KG.
> 
> -Ekr
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
> 
> 
>        
> ---------------------------------
> Looking for last minute shopping deals?  Find them fast with Yahoo! Search.
> [2  <text/html; iso-8859-1 (8bit)>]
> 
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email