[Sip] comments on draft-kupwade-sip-iba-00
Jonathan Rosenberg <jdrosen@cisco.com> Wed, 27 February 2008 02:18 UTC
Harsh, Dean,

Thanks much for this document. It's great to see folks trying to tackle new areas of work, especially tough ones like identity.

The concept of identity based security is a new one to me; how mature is this stuff? Are there any commercial uses yet? What about intellectual property issues? Has it been well-studied by experts to assess its robustness? i.e., have folks been trying to crack it, and so far it's held up?

The document talks about encrypting the signature for the target but I don't see what security benefit this brings. Indeed, encrypting content in the signaling for an intended target has proven very problematic. Besides the (so-far) hugely hard cert problem, there is also the issue of retargeting. Also you have cases of multiple receiving devices - forking for example. Maybe Dean is just hoping it goes away, but how would this solution work there? Then there are things like shared lines, contact centers, etc...

I agree with Ekr that the primary advantage from a pure signature perspective is the ability to eliminate the fetching of the certificate. I think this is more beneficial than just 'compression'. Identity-Info presents the certificate by reference. The increasing numbers of NAT and firewalls and SBCs are making me increasingly worried that the ability to reach across the network, back to the originator, and fetch ANYTHING over http, will be really hard in SIP deployments. So there is value in eliminating this IMHO.

I must say I didn't understand how revocation works. From the description of the algorithm it seemed untenable. The verifier never needs to obtain a cert and the public key is generated statically from the identity. Once they have the private key, the sender can always sign with it, so I don't see how revocation is possible.

Thanks,
Jonathan R.

--
Jonathan D. Rosenberg, Ph.D.                   499 Thornall St.
Cisco Fellow                                   Edison, NJ 08837
Cisco, Voice Technology Group
jdrosen@cisco.com
http://www.jdrosen.net                         PHONE: (408) 902-3084
http://www.cisco.com