Re: [stir] Permitted spoofing
Dave Crocker <dhc2@dcrocker.net> Tue, 11 June 2013 16:12 UTC

On 6/11/2013 6:03 AM, Rosen, Brian wrote:
> MITM is a potential problem, which would be desirable to cut off, but it's not the stated problem we're trying to solve.
>
> There may be some number of service providers in the path that are tolerant of the problem, but not really complicit.

This could have a pretty substantial effect on design choices.

For example, session-based SSL authentication -- that is, without server validation (certs) -- permits MITM, which seems to be often/generally acceptable in terms of actual practice, although rhetoric claims otherwise.

But in general, I've had the impression that any effort at authentication or confidentiality comes with an expectation of resistance to MITM compromises.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net