IETF Logo Mail Archive

Re: [stir] On OCSP, TNs, and Privacy

"Gorman, Pierce A [CTO]" <Pierce.Gorman@sprint.com> Wed, 29 July 2015 02:58 UTC

Return-Path: <Pierce.Gorman@sprint.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE48B1B353B for <stir@ietfa.amsl.com>; Tue, 28 Jul 2015 19:58:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ar-EWZzqJfaw for <stir@ietfa.amsl.com>; Tue, 28 Jul 2015 19:58:23 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0768.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:768]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABB131B34EA for <stir@ietf.org>; Tue, 28 Jul 2015 19:58:19 -0700 (PDT)
Received: from BL2FFO11FD041.protection.gbl (10.173.160.33) by BL2FFO11HUB038.protection.gbl (10.173.160.242) with Microsoft SMTP Server (TLS) id 15.1.231.11; Wed, 29 Jul 2015 02:58:03 +0000
Authentication-Results: spf=pass (sender IP is 144.230.32.81) smtp.mailfrom=sprint.com; att.com; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of sprint.com designates 144.230.32.81 as permitted sender) receiver=protection.outlook.com; client-ip=144.230.32.81; helo=preapdm2.corp.sprint.com;
Received: from preapdm2.corp.sprint.com (144.230.32.81) by BL2FFO11FD041.mail.protection.outlook.com (10.173.161.137) with Microsoft SMTP Server (TLS) id 15.1.231.11 via Frontend Transport; Wed, 29 Jul 2015 02:58:03 +0000
Received: from pps.filterd (preapdm2.corp.sprint.com [127.0.0.1]) by preapdm2.corp.sprint.com (8.15.0.59/8.15.0.59) with SMTP id t6T2uild013786; Tue, 28 Jul 2015 22:58:03 -0400
Received: from prewe13m08.ad.sprint.com (prewe13m08.corp.sprint.com [144.226.128.27]) by preapdm2.corp.sprint.com with ESMTP id 1vxgn3j83y-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 28 Jul 2015 22:58:03 -0400
Received: from PLSWE13M08.ad.sprint.com (2002:90e5:d61b::90e5:d61b) by PREWE13M08.ad.sprint.com (2002:90e2:801b::90e2:801b) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Tue, 28 Jul 2015 22:58:02 -0400
Received: from PLSWE13M08.ad.sprint.com ([fe80::948e:8473:1735:b216]) by PLSWE13M08.ad.sprint.com ([fe80::948e:8473:1735:b216%15]) with mapi id 15.00.1044.021; Tue, 28 Jul 2015 21:58:01 -0500
From: "Gorman, Pierce A [CTO]" <Pierce.Gorman@sprint.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
Thread-Topic: [stir] On OCSP, TNs, and Privacy
Thread-Index: AQHQySguMNJNzNJ3I0aaqMAOBi3eBJ3w5jYQgABaDoD//6yTMIAAuw5wgABV0ICAAAOeAIAAAjiAgAABtYD//70y0w==
Date: Wed, 29 Jul 2015 02:58:00 +0000
Message-ID: <44D8CE23-4291-4463-91E5-E4C648EEF873@sprint.com>
References: <CAL02cgS_5HrsbeK13T=j31j101hOuSxpjzzRKT93_2zze1xuAg@mail.gmail.com> <BAFABE68-20A7-4C91-9F15-E33E3D5379B5@brianrosen.net> <4B1956260CD29F4A9622F00322FE0531011D3D1D5043@BOBO1A.bobotek.net> <8bcb891a0db145d6882b17374210fd21@PLSWE13M08.ad.sprint.com> <CAL02cgTiZnLxpmcHb57f31NEFcLu-XY=hRQ-5jrsn11x6mtZBQ@mail.gmail.com> <0f678e7a59904ae5b2a2dabce1a4e0a2@PLSWE13M08.ad.sprint.com> <CY1PR09MB06343E53B0B396964D6EF811EA8D0@CY1PR09MB0634.namprd09.prod.outlook.com> <38726EDA2109264987B45E29E758C4D60586269A@MISOUT7MSGUSRDD.ITServices.sbc.com> <CY1PR09MB0634E8BB71B6A01765E77D23EA8D0@CY1PR09MB0634.namprd09.prod.outlook.com> <8C8D48CD-F4A8-4160-A5A7-594DF61A9B60@chriswendt.net> <CAL02cgR9+PLs0YmqRFMMEH1drbMVjdk4icuT-sy3wirV435HJw@mail.gmail.com> <DA49BB1B-868E-4745-9B18-034923895A5A@chriswendt.net> <CAL02cgRgxvAsAw7Ag164e8pir6=jNrLNqONoXudtLM-PpZZR_g@mail.gmail.com>, <A5B03B6C-533E-437B-BBE3-37A39847FD8F@chriswendt.net>
In-Reply-To: <A5B03B6C-533E-437B-BBE3-37A39847FD8F@chriswendt.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD041; 1:s/vt5V4cRo2eHBMjVEovUfjacY3mD6rT4gzEPRPWujusNfjqNqtWiCrlt3SEpkYCZQi5agtQ1s1Qcond9CdRYrOvDoazJyJRx7B0jtx4l5EnuwoMMPLH3Mctu7NMhjLec8mYzK7IT+Ru40/aibBX1VbqDPhdewkpRMNdhYdu5S00ZrHNS/5f5bhYmntQbX+cDU67JS74c0hJNxODykwnhL3y/wIdRd2xB/OattboPFh54lDqOvMOJo+Z478m63jh9hs8RJe43BiqhtH3TQjSWCv7GHDe27XBRA7gCnJi1zNVOTPlw2sqDtP2L1iT5Od7
X-Forefront-Antispam-Report: CIP:144.230.32.81; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(2980300002)(438002)(13464003)(377454003)(24454002)(189002)(199003)(50986999)(82746002)(76176999)(102836002)(15975445007)(83716003)(36756003)(19580395003)(47776003)(6806004)(19580405001)(33656002)(50466002)(106116001)(62966003)(5890100001)(110136002)(2900100001)(86362001)(5001920100001)(23746002)(93886004)(46102003)(87936001)(2656002)(106466001)(5003600100002)(54356999)(2950100001)(189998001)(92566002)(5003630100001)(77156002)(5001960100002)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2FFO11HUB038; H:preapdm2.corp.sprint.com; FPR:; SPF:Pass; MLV:sfv; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11HUB038; 2:qdQyfzJEvTFSCDIlBmTbsjuCbJ+JP/s9A1L1RNJ30mpzruqbCVZX88ZW8q9WbVAfsM92maOB+1LsC/Hs7ai398UxWoXgmCqR0CTn8rG/iWFe0R2zDrLgk7qm22ot606DdTTTWbGRDqPMJfijug9vGdJ1H7hrqe/YOkmghQqHwjU=; 3:2uGX8SRo20OQ6sADPZpxVE3++5WJOjYR1Do1z5X91u9aEFbb0JpoW7KPHA63EGoMhU1H/cQE+MyUBRZxGGRXDRj2D7FaIPZ1LggbMq54g9OtfQVoQNzLIatJD+4uJUk+l33zC/rQ4hrq6tp1l7EIa4FdaaheRWH7UhKifqEfHQ/sdQ3a8WUzs1BqeWsOusPNAATcKlIjRDFIxw2nMNxUbJ6HEMbLyh892XU0Z/T9aY4=; 25:cx1t3ADCcl1ZLi9i4GkdkXdMuIiJjFZuqzzmgin/QxjR+13JHF8Pu/0w4teZcV0D1lti+aKV5Nnx2B+9dAtClKpqx/b7qXYlmUUj6EDfscxHsxzoSvFnkXFFrBxybYGmS5/GQuRj5LA16BPxSTweLcWvr/o9uoypfI+5K0zc3MeaDmspZZak9RdBLniAnoZfdn7kH1u+s0tDLMAfrlcjOsu7KeWuTiQEcDkPZp+6J8FvkS6QZX2CAS+L5DRldA4KEHabyUpHLBgg3foM8o5sGQ==; 20:4fEY+7XKYLsBRQuJz2zBQd5+vXPEgQZ5/yCXWRbaD3Cre9HBoQbHjsKWxfqqiJ8qQ1LWT31b2n9ufr+kY12pbyMw2rutB+G/gaWzNxkizxK/5aKaxfIbgPxB5p8j1etk+93kRW7J4Bv1jWzljuGHaMdFRRLTv4x11Q31dbFXlnvZDNyU811he1lXsTbQpT9fn+HF4BBcb/TZGOfs7DOH8KNjhm+BftvYIbIr3uQgMmxH1CbDgsDvyFdJvQjKLfBH
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BL2FFO11HUB038;
BL2FFO11HUB038: X-MS-Exchange-Organization-RulesExecuted
X-Microsoft-Antispam-PRVS: <BL2FFO11HUB038D13703BF9492F139628E898C0@BL2FFO11HUB038.protection.gbl>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(3002001); SRVR:BL2FFO11HUB038; BCL:0; PCL:0; RULEID:; SRVR:BL2FFO11HUB038;
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11HUB038; 4:oOx6defsLe8BmHlGCwX5c0mB8fD3BlqbmpKqsfs0bsRJN/G2sXOxclpLJSpR7MrmRX7IOPJeaTak7jeBn+fefEATBD2H43eh8y3+10O/PpJR5Wy98I8fWK5fpC88RZWuY1KdqnYS40a6XMrB4qds36fIeyABZnZoAjqhZihJMWdNA65hNSeo7znYWFIMKqkYtBdv8p7tJaNJPpM7cgVhyWSZU0k1+OyMLVS77r0pXodoIS814feqj7+uNP+SymsA2ZKCGMU9wrjgJXxVkp8BWSOfdZsLYP+4ODAlua00IJE=
X-Forefront-PRVS: 0652EA5565
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11HUB038; 23:RV0HlfEJM+A3GuWAVC7CnNoErBzXv0525miG51RpE/uS8LqBb1c0GgpGiGKsZOwLSRdta9tjorTtB6L9U8vuGbM0wJCnHqU4XZkwhKIgTvJTFEUP0CsIagZ04CTijbThw3axP7K4vJktLRr62kZQ1eHjKJhlECrz/CWSq3jEOzYPpcI7KxYTyDYeTUGwBlS6ATOgAvekrHr9s+F6TSik+0ywv5CB8qsC1/Val9sx4lDio4zKhcVNrWcHK868Me4LRAP0iOE5+J4Vj3+f9ANTyRszmCFCUd1hJMTdXAWXxDkvFV9u4NmDqA35Ik1Vb4dngRvO51oXi7ZnCnYAdcJ0M5gNMLpP2i3tDBwmzdezqBDafQHLieKO3NQs6IWxk4zL6uRRAifBLcGiHOSm+/i9jhybn8Z/HIfW2UqiGeCQ9Ua2p6COgdgDh1nVXbbwXQEv08vQF+ZEcdGtxgIGkDGiGHzbIOHbbxTqeyCiBeQi0Ru0B1FEnZ5ERBZDA94alRH4eK+dscMOTyV9IefMmFRuhvuEyTWYTsIeR9ZptlY4NU7fzXRMvOhRYpQ8d8jnxcbO41RfwcLQqvJLgwX9SYElBlVZSS/DKcti3kubxk4Xcn1NeCBCqA4XKBkjKf4PVCo410vgHTmCMds7pn1MOJgiqTIfXQWfCwdLt2/Ev4PP2TtXo/rD2/PMPvcKy682Niom7LaSF7giFg7cue6g8eYuTwBW+Go1nvs1usoT/JOrv4L3pn17NHD2hnKEvhX25uOIbX8knnf+bnFV7HaBgNpKmPwwKkiE/cPzVDi2BzLrcRpqA7NPV/1qipfGYQeVFfEGffVA9uwJKUJNE44bay9T1JtmruPxTHLOwoxtalDYZ2y5dDSBNZTCOd/KFiNVFwyZRUjZ3ZtkTEc7bVWIs/2l3MCTWGrQskScv+KOy0zQEUXvJxOUUYUTal1qpURv9GWzHaCS1ykGPr87F2ylbcx0F/IQbj0oOyxbEVGX1jnuseDiuMw16y4N0NS0tpYAB623PPNb0nWzIE0ixex4oBqZCyiOAIcLs3pt6qv1PsVgONBaseRBWmozVx1npFVkiJY4+YKOFC6uIG5CBm+hYUwq99GQCM/QEzktKLJPZTqDMaP3I2o0qdncViT+QvAgVBb6
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11HUB038; 5:ZkQ/TOWz7RdEBf+Fj83IFB/ltgIe+I2peVGXco54hdDkwQZZQRhmC72P1RzYHCi4j7ST3fsLoscvW6e6PAeCe8NNd5KbCbwitTWAFuw405B9CHCwCav6B8PLupDgYYz4xqmkW1v75+Nr+38kBgMXag==; 24:v0UNiaWbd03RbJguOw/YrU24IRK52SEP8c28S+FR+WMuZo8RWEOjn87aooyzh+63M2Iqjtxi87R6xTVqBnkE6Cf44yd4leet6KjRrZj4oFY=
X-OriginatorOrg: sprint.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jul 2015 02:58:03.5653 (UTC)
X-MS-Exchange-CrossTenant-Id: 4f8bc0ac-bd78-4bf5-b55f-1b31301d9adf
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=4f8bc0ac-bd78-4bf5-b55f-1b31301d9adf; Ip=[144.230.32.81]; Helo=[preapdm2.corp.sprint.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2FFO11HUB038
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/MWUIYb7tzi5qHzRnOB3sIvr-KMs>
Cc: Richard Barnes <rlb@ipv.sx>, "stir@ietf.org" <stir@ietf.org>, "PFAUTZ, PENN L" <pp3129@att.com>, Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>
Subject: Re: [stir] On OCSP, TNs, and Privacy
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 02:58:27 -0000

I assume in practice there will be billions of communication endpoints (in the discussion they've been referred to as phones, but laptops, tablets, toasters, cars, M2M/IoT are also candidates) which may authenticate calling number in situ, and others which may have authenticated information proxied to them (over a secure communications channel?), and not necessarily using SIP (think WebRTC) or HTML.

Computing power and time is cheaper in the core as compared to endpoints.  More signaling messages and dips are bad as compared to less signaling and dips.

There are always trade-offs and the safe thing to assume is don't assume anything (with regard to centralized or distributed, cached or dipped).

Sent from my iPad

> On Jul 28, 2015, at 8:57 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
>
> Depends on your perspective.
>
> I would suspect we would both agree that “phones querying the numbering authority registry" is not the problem statement we are working towards, for very different reasons.
>
>
>> On Jul 28, 2015, at 9:51 PM, Richard Barnes <rlb@ipv.sx> wrote:
>>
>> On Tue, Jul 28, 2015 at 9:43 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
>>> Henning discussed an example at the modern meeting.  Gossip based
>>> distributed mechanisms can be used.
>>>
>>> I’m curious what you mean by unbounded, in terms of numbers?
>>> 1k/10k/100k/1M?
>>
>> How many phones are there out there?  "end systems must be able to
>> validate the source identity information."
>>
>>
>>> DNS is a much more brute force mechanism for a distributed system but yet it
>>> propagates things pretty quickly globally.
>>>
>>> 4474bis if i remember correctly even mentions the fact that we will need to
>>> store multiple historical certificate records and references (maybe 2 is
>>> enough in practice) in order to mitigate delays in propagation of new
>>> certificates.
>>>
>>> I don’t see the issue.
>>
>> The point is that when my phone gets a call it needs to be able to
>> verify the caller's authorization.  The Identity-Info signature binds
>> the call to the caller's public key.  So the my phone needs to verify
>> that the public key is authorized.
>>
>> If I understand you correctly, you're proposing that my phone needs to
>> sync down a giant database of which public keys are authorized for
>> which numbers, or it needs to call out to some registry it trusts,
>> which needs to be online all the time.
>>
>> Those both seem far worse than my phone just having to look up a
>> certificate, or verify one that was included in the INVITE directly.
>> The only cost of on the signer side is that the signer has to pick the
>> right cert to send, which, as I said before, is just a hash table
>> lookup.
>>
>> --Richard
>>
>>>
>>>
>>> On Jul 28, 2015, at 9:30 PM, Richard Barnes <rlb@ipv.sx> wrote:
>>>
>>> On Tue, Jul 28, 2015 at 9:22 PM, Chris Wendt <chris-ietf@chriswendt.net>
>>> wrote:
>>>
>>> If the registry is distributed, and the certificate dip is local to the
>>> provider, the numbering authority isn’t in the middle of each call, one of
>>> the points we are advocating in general, in terms of making this scalable
>>> and “deployable”.
>>>
>>>
>>> Do you happen to have a good standard technology on hand for
>>> synchronizing a database across a potentially unbounded set of
>>> signers/verifiers?  I don't think we can assume that that set of
>>> actors is limited to the set of "providers", for any definition of
>>> that term.  For so it is written in RFC 7340:
>>>
>>> """
>>> Generation:  Intermediaries as well as end systems must be able to
>>>    generate the source identity information.
>>>
>>> Validation:  Intermediaries as well as end systems must be able to
>>>    validate the source identity information.
>>> """
>>>
>>> If you're going to meet that requirement, I think your distributed
>>> registry ends up looking far more complex than just passing around
>>> certificates.
>>>
>>> Of course, if you're just talking about a signer looking up what cert
>>> it should use, then we agree; that's just what I meant when I said
>>> that managing multiple certs is just a hash table lookup.
>>>
>>> --Richard
>>>
>>>
>>>
>>>
>>> On Jul 28, 2015, at 3:27 PM, Henning Schulzrinne
>>> <Henning.Schulzrinne@fcc.gov> wrote:
>>>
>>> That was certainly one of the models that have been discussed in the past.
>>> Particularly for small carriers, this would likely reduce the operational
>>> impact to a configuration option in the SBC.
>>>
>>> The disadvantage of this model is caller privacy: If the cert is stored at a
>>> numbering authority, it would be easy for that authority to know which
>>> carrier is receiving calls from whom. (It's not the complete meta data since
>>> it's lacking the callee information.)
>>>
>>> However, unless the TN-to-LRN (in the US) mapping is cached, this "leak"
>>> already exists today.
>>>
>>> -----Original Message-----
>>> From: PFAUTZ, PENN L [mailto:pp3129@att.com]
>>> Sent: Tuesday, July 28, 2015 3:14 PM
>>> To: Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>; Gorman, Pierce A
>>> [CTO] <Pierce.Gorman@sprint.com>
>>> Cc: stir@ietf.org
>>> Subject: RE: [stir] On OCSP, TNs, and Privacy
>>>
>>> Forgive me but my reptile brain keeps whispering in my ear that this would
>>> be a lot easier if we simply had a numbering registry, whether distributed
>>> or centralized - like we need anyway for at least for number portability -
>>> that also contained the public keys. No tedious mucking about in cyberspace
>>> with certs, CRLs, or OCSP.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: stir [mailto:stir-bounces@ietf.org] On Behalf Of Henning Schulzrinne
>>> Sent: Tuesday, July 28, 2015 10:24 AM
>>> To: Gorman, Pierce A [CTO]
>>> Cc: stir@ietf.org
>>> Subject: Re: [stir] On OCSP, TNs, and Privacy
>>>
>>> In the US alone, we have about 4000 carriers. Managing the reputation of
>>> that many entities, reliably (i.e., without making false positive/negative
>>> mistakes) seems a whole lot more manual effort than storing bags of bits.
>>> Storage and automation is cheap, human judgement and dealing with mistakes
>>> is expensive.
>>>
>>> Obviously, nothing in the architecture prevents wildcard certificates.
>>>
>>> -----Original Message-----
>>> From: stir [mailto:stir-bounces@ietf.org] On Behalf Of Gorman, Pierce A
>>> [CTO]
>>> Sent: Tuesday, July 28, 2015 10:14 AM
>>> To: Richard Barnes <rlb@ipv.sx>
>>> Cc: stir@ietf.org; Alex Bobotek <alex@bobotek.net>; Brian Rosen
>>> <br@brianrosen.net>
>>> Subject: Re: [stir] On OCSP, TNs, and Privacy
>>>
>>> I thought the discussion was on key/cert management.  I'm asking if I
>>> understood the suggestion to minimize requirements.  How is that off topic?
>>>
>>> Best regards,
>>>
>>>
>>> Pierce Gorman
>>> Core Network Planning
>>> O: 913-439-4368
>>> pierce.gorman@sprint.com
>>>
>>>
>>> -----Original Message-----
>>> From: Richard Barnes [mailto:rlb@ipv.sx]
>>> Sent: July 28, 2015 9:12 AM
>>> To: Gorman, Pierce A [CTO] <Pierce.Gorman@sprint.com>
>>> Cc: Alex Bobotek <alex@bobotek.net>; Brian Rosen <br@brianrosen.net>;
>>> stir@ietf.org
>>> Subject: Re: [stir] On OCSP, TNs, and Privacy
>>>
>>> On Tue, Jul 28, 2015 at 9:51 AM, Gorman, Pierce A [CTO]
>>> <Pierce.Gorman@sprint.com> wrote:
>>>
>>> "Large scale certificate management is expensive, and TN-specific
>>> certificates are unneeded for securing calls placed by parties who choose to
>>> place calls through a single reputable telephone service provider."
>>>
>>> Are you saying that for "on-net" calls, STIR methodology is unnecessary?
>>>
>>>
>>> This seems a little off-topic for this list.
>>>
>>> --Richard
>>>
>>>
>>> Best regards,
>>>
>>>
>>> Pierce Gorman
>>> Core Network Planning
>>> O: 913-439-4368
>>> pierce.gorman@sprint.com
>>>
>>>
>>> -----Original Message-----
>>> From: Alex Bobotek [mailto:alex@bobotek.net]
>>> Sent: July 27, 2015 11:36 PM
>>> To: Brian Rosen <br@brianrosen.net>; Richard Barnes <rlb@ipv.sx>
>>> Cc: stir@ietf.org
>>> Subject: Re: [stir] On OCSP, TNs, and Privacy
>>>
>>> What motivation would a carrier have to choose any model other than carrier
>>> signing using one of a very limited set of carrier-owned keys? Large scale
>>> certificate management is expensive, and TN-specific certificates are
>>> unneeded for securing calls placed by parties who choose to place calls
>>> through a single reputable telephone service provider.  Anyone can get many
>>> certificates, even a free ones anonymously from some issuers.  It is
>>> typically a combination of the strength of the end-user authentication
>>> performed by the service provider (or certificate issuer in a
>>> provider-agnostic model) and the identity's history that are most useful in
>>> security.
>>>
>>> If we're trying to secure the current telephone system, DNS-like key
>>> repositories a la DKIM or perhaps a small number (compared to the number of
>>> TNs) of certificates are far more practical.
>>>
>>> Regards,
>>>
>>> Alex
>>>
>>> -----Original Message-----
>>> From: stir [mailto:stir-bounces@ietf.org] On Behalf Of Brian Rosen
>>> Sent: Monday, July 27, 2015 7:40 PM
>>> To: Richard Barnes <rlb@ipv.sx>
>>> Cc: stir@ietf.org
>>> Subject: Re: [stir] On OCSP, TNs, and Privacy
>>>
>>> What this means in practice is that it’s TN per cert.
>>>
>>> I wouldn’t say that it’s impossible for a carrier to maintain dozens
>>> of copies of millions of private keys securely, but it’s hard.  You
>>> need multiple copies because you have multiple elements that can
>>> initiate a call, and you don’t want to depend on a centralized
>>> resource to do something as basic as create a call.
>>>
>>> I think it’s hard enough that REQUIRING cert per TN is not acceptable.
>>>
>>> Folks with more intimate knowledge of carrier SIP infrastructure
>>> might have more insight than I do.  It may be acceptable to have a
>>> centralized resource to manage millions of keys.
>>>
>>> Brian
>>>
>>> On Jul 27, 2015, at 6:13 PM, Richard Barnes <rlb@ipv.sx> wrote:
>>>
>>> After the STIR meeting in Prague, Henning and I spent a few minutes
>>> talking through options for revocation checking and certificate
>>> scoping, and I think we have a better idea of what the optimal
>>> solution looks like.  Some notes are below, and some slides with
>>> pictures attached.
>>>
>>> tl;dr: We should:
>>> * Keep TNs in certificates and not bother with any OCSP extensions
>>> * Require Identity-Info to include OCSP responses for all certs in
>>> the chain
>>>
>>>
>>> # Background: Revocation in the web PKI
>>>
>>> In an HTTPS transaction, the HTTPS server provides the client with
>>> a certificate, and it can optionally include an OCSP response ("staple"
>>> it to the transaction).
>>>
>>> A certificate contains a validity interval, a key, and some names/TNs.
>>> An OCSP responses contains a validity interval, a certificate ID
>>> (i.e., a hash), and a status (good/revoked/unknown).  In the web
>>> PKI, certificates are required to be no more than 39 months long,
>>> and OCSP responses no more than 10 days.
>>>
>>> Ideally, a client only considers a certificate valid if it is
>>> accompanied by an OCSP response.  In practice, this is not always
>>> possible; because OCSP queries fail around 3% of the time, browsers
>>> can't require OCSP.  This operational fact will be important below,
>>> but we will continue to have scoping cert lifetimes as an objective.
>>>
>>> In the web PKI, there are basically three revocation checking modalities:
>>>
>>> 1. Live OCSP checking [RFC6069]
>>> 2. OCSP stapling / must_staple [RFC6066,
>>> draft-hallambaker-tlsfeature] 3. Short-lived certificates (~OCSP
>>> lifetime)
>>>
>>> (The last of these is relatively novel, and has not been deployed.
>>> Neither has must-staple.  But they're both pretty trivial, and
>>> could be folded into a STIR architecture pretty easily.)
>>>
>>> Right now, about 90% of TLS transactions use live OCSP, and about 10%.
>>> CAs and browsers dearly want the world to move toward stapled OCSP
>>> or short-lived certs, because these reduces latency and improve the
>>> quality of revocation information.
>>>
>>> Revocation for CA certificates is currently done by having browsers
>>> download a list from a centralized server, since there's no way to
>>> staple more than one OCSP response.  That solution works OK for the
>>> web, but if I were designing something de novo, I would probably
>>> use multi-stapling as well.
>>>
>>>
>>> # Applying this experience to STIR
>>>
>>> Most of the below appear to be desired properties by the WG:
>>>
>>> * Verifier neeeds to know that a cert is valid for a specific
>>> number
>>> * Scoped cert lifetime: Limit certs to ~1week lifetime (by OCSP if
>>> issued longer)
>>> * Caller privacy: Don't report what calls someone receives to a
>>> central server
>>> * Carrier privacy: Don't allow a third party to figure out all the
>>> numbers a carrier holds
>>> * Minimize the rate at which the CA has to sign things
>>> * Tolerate outages at the CA
>>>
>>> I'm going to assume for now that we will not do live OCSP.  It
>>> violates the caller privacy requirement, and as discussed above, it
>>> just sucks operationally.  So STIR should require OCSP to be sent
>>> in "stapled" form, which probably means sending it in Identity-Info.
>>> And while we're at it, we should also do "multi-stapling" -- send
>>> an OCSP response for CA certs as well.
>>>
>>> So if we consider a server with 50k TNs / blocks, that leaves us
>>> with basically 3 options:
>>>
>>> 1. 50k short-lived certs (no OCSP)
>>> 2. 50k long-lived certs scoped to TNs + generic OCSP 3. 1
>>> long-lived cert not scoped to TN (or a few loosely scoped) + OCSP
>>> with TN info
>>>
>>> (As I didn't quite get to say in the meeting, regardless of the
>>> approach, you have to have 50k of *something*.)  Of these, it seems
>>> like the preference order is 2 > 1 > 3.
>>>
>>> Option 3 is bad from several perspectives:
>>> * Putting TN info in the OCSP response enables someone to trawl for
>>> numbers unless you access-control the OCSP server, so you inherit a
>>> requirement to do that.
>>> * With the rate of churn in number assignments, you're probably
>>> going to have to update the long-lived cert pretty frequently anyway.
>>> * Putting TN-specific stuff in certs is better than putting it in
>>> OCSP.  As bad as X.509 libraries can be, OCSP libraries are much
>>> worse.
>>>
>>> Option 1 is mainly bad from the perspective of CA load and outages.
>>> With Option 2, if the CA goes down, client can continue to use the
>>> long-lived cert and just not bother doing OCSP (vs. tolerating an
>>> expired cert).  Slightly cleaner.  Plus, there's a lot more
>>> experience caching OCSP than new certs.  OCSP signing can also be
>>> delegated, so you can have the recurring operation done by a lower-risk key.
>>>
>>> Option 2 should be pretty easy to automate.  You can probably
>>> re-use tooling for OCSP stapling that has already been developed
>>> for use with HTTPS.  If you're a big box signing for a bunch of
>>> numbers, you do need to select the right cert and OCSP response for
>>> a given call, but that's a pretty simple lookup table.
>>> <STIR.pptx>_______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>>>
>>>
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint proprietary information intended for the sole
>>> use of the recipient(s). Any use by others is prohibited. If you are not the
>>> intended recipient, please contact the sender and delete all copies of the
>>> message.
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint proprietary information intended for the sole
>>> use of the recipient(s). Any use by others is prohibited. If you are not the
>>> intended recipient, please contact the sender and delete all copies of the
>>> message.
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>>>
>>>
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>

________________________________

This e-mail may contain Sprint proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.

v2.23.0 | Report a Bug | By Email