Re: [stir] "iat" value to use during PASSPorT construction

williw <wilhelm@wimmreuter.de> Fri, 20 July 2018 15:16 UTC

In-Reply-To: <CY4PR03MB3160EE4F4502CCF974B070CFA59C0@CY4PR03MB3160.namprd03.prod.outlook.com>
Date: Fri, 20 Jul 2018 17:15:20 +0200
Cc: "stir@ietf.org" <stir@ietf.org>
Message-Id: <0C2B7B00-AB77-48E1-A666-F76A592DDC51@wimmreuter.de>
References: <CY4PR03MB3160EE4F4502CCF974B070CFA59C0@CY4PR03MB3160.namprd03.prod.outlook.com>
To: "Asveren, Tolga" <tasveren@rbbn.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/OrMWNrd6at3ucFlxj0kJIWaGDOM>

Sorry, I unsuccessfully submitted my concern on the jabber list during the meeting.
However, this could be valid in this and possibly applies to other areas of stir as well.


My concern that came up while seeing the cat slides in the meeting was the following:


Signing outbound / egress calls only.
This emulates the old PSTN paradigm and enables impersonation as we have it in SS7.
Without originating signatures this seems to be a big impersonation hole, I assume.

In fact, operators will happily sign my robocalls and other malicious stuff.
And this will guarantee that my robocalls have a valid signature that will also be perfect for OOB signalling etc.

Is this concern valid?

Sorry this did not come through the scribe and to the mic.

Thanks

Willi