IETF Logo Mail Archive

Re: [stir] Permitted spoofing

Hadriel Kaplan <hadriel.kaplan@oracle.com> Sat, 08 June 2013 18:19 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 936EE21F9347 for <stir@ietfa.amsl.com>; Sat, 8 Jun 2013 11:19:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.298
X-Spam-Level:
X-Spam-Status: No, score=-6.298 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ajn3MtU7x2Gd for <stir@ietfa.amsl.com>; Sat, 8 Jun 2013 11:19:12 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 2C39421F91A5 for <stir@ietf.org>; Sat, 8 Jun 2013 11:18:59 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r58IIpTV024548 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sat, 8 Jun 2013 18:18:51 GMT
Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r58IIoP4002917 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 8 Jun 2013 18:18:51 GMT
Received: from abhmt108.oracle.com (abhmt108.oracle.com [141.146.116.60]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r58IIoGx018227; Sat, 8 Jun 2013 18:18:50 GMT
Received: from dhcp-amer-vpn-adc-anyconnect-10-154-156-6.vpn.oracle.com (/10.154.156.6) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sat, 08 Jun 2013 11:18:50 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <172B7D9C-1E4F-49C7-90E5-5848682625CF@cs.columbia.edu>
Date: Sat, 08 Jun 2013 14:18:51 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <15ABDCF6-F127-4E8B-807F-FC3FAD78B905@oracle.com>
References: <5DDB5576-CAEF-453C-8C90-0C6709DAD84F@neustar.biz> <172B7D9C-1E4F-49C7-90E5-5848682625CF@cs.columbia.edu>
To: Henning Schulzrinne <hgs@cs.columbia.edu>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Cc: "Rosen, Brian" <Brian.Rosen@neustar.biz>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Permitted spoofing
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jun 2013 18:19:18 -0000

On Jun 7, 2013, at 10:23 PM, Henning Schulzrinne <hgs@cs.columbia.edu> wrote:

> That's probably something we might want to flesh out a bit. My very rough vision in the central database case would be something like the following:
> 
> (1) Owner [doctors' office] says: "Please mint a cert that entitles Doctor Smith [public key attached] to use our number 555 1234." [signed by assignee]
> (2) Database returns cert, which is handed to doctor.
> (4) Doctor uses cert just like any other.

If we want such a thing to work in the near-term timeframe, I don't think it can work that way.  For one thing I don't expect phones to be able to do the signing themselves, nor their access service providers to believe/trust the phones.  As far as I know, today the Doctor phone's service provider has to be in on it, and the provider equipment is provisioned to know the Doctor's phone can claim another caller-id (e.g., P-Associated-URI).  I think it's a big jump to expect them to let any subscriber to claim to be any number just because the supposed holder of that number "authorized" them to.  Even ignoring the P/S-CSCF type equipment, there're a lot of other systems involved in this stuff, for billing, CALEA, troubleshooting, etc.

A more likely scenario is:
(1) Doctor's office submits a request form with its service provider to add Doctor's phone as authorized user for office number caller-id, or with Doctor phone's service provider as a pull request.

(2) The service providers fax each other authorization forms with legal signatures.

(2b) If there is some big central database model, then the Doctor phone's service provider gets added as second source for the Office number.

(3) The Doctor phone's service provider adds into its databases the Office caller-id as an authorized associated number for the phone to use for outbound calls, which triggers associated identity handling during next phone registration.

(4) The Doctor makes an outbound call using the Office number, which the service provider authorizes and signs using its own cert.

-hadriel

v2.23.0 | Report a Bug | By Email