IETF Logo Mail Archive

Re: [stir] current draft charter

Hadriel Kaplan <hadriel.kaplan@oracle.com> Mon, 17 June 2013 18:57 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0827421F9A86 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 11:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.565
X-Spam-Level:
X-Spam-Status: No, score=-6.565 tagged_above=-999 required=5 tests=[AWL=0.034, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCihvZyuzgYe for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 11:57:06 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 7002321F9A74 for <stir@ietf.org>; Mon, 17 Jun 2013 11:57:06 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5HIv5ps016580 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jun 2013 18:57:05 GMT
Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5HIv1n5012060 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jun 2013 18:57:04 GMT
Received: from abhmt103.oracle.com (abhmt103.oracle.com [141.146.116.55]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5HIv1s1022025; Mon, 17 Jun 2013 18:57:01 GMT
Received: from [10.1.21.23] (/10.5.21.23) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 17 Jun 2013 11:57:01 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <00C069FD01E0324C9FFCADF539701DB3A03DD801@ex2k10mb2.corp.yaanatech.com>
Date: Mon, 17 Jun 2013 14:57:00 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <EB12D461-BBE5-4DB6-B441-793627064723@oracle.com>
References: <CDE38BC3.20F76%jon.peterson@neustar.biz> <6BAABF96-8892-4C50-BB30-5F1FC05BDFD8@oracle.com> <F5C27090-FF39-4FBC-BC7E-F2ACFA5A4E6F@cs.columbia.edu> <00C069FD01E0324C9FFCADF539701DB3A03DD0D4@ex2k10mb2.corp.yaanatech.com> <013f01ce6b7a$0e555aa0$2b000fe0$@shockey.us> <00C069FD01E0324C9FFCADF539701DB3A03DD6BF@ex2k10mb2.corp.yaanatech.com> <9D6E85D6-A6BE-470A-A01D-570DF851B6A6@oracle.com> <00C069FD01E0324C9FFCADF539701DB3A03DD801@ex2k10mb2.corp.yaanatech.com>
To: Michael Hammer <michael.hammer@yaanatech.com>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "stir@ietf.org" <stir@ietf.org>, "richard@shockey.us" <richard@shockey.us>
Subject: Re: [stir] current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 18:57:13 -0000

On Jun 17, 2013, at 2:05 PM, Michael Hammer <michael.hammer@yaanatech.com> wrote:

> That is a key distinction and ties into my assertion that the CC numbering
> authority must control that.
> 
> But, clarify one thing for me.  Does DNSSEC ensure both:
> -  that the uploading of information is authentic,

I am not-at-all an expert on DNSSEC, but I don't believe it covers how the info gets uploaded into the DNS database.  Of course neither does anything else.

Regardless of what protocol and architecture we end up using, at the end of the day the administrator of a given database has to provision the "customers" that can upload for which E.164 entries.  Each customer account is provisioned with some set of credentials with which to do so - for example a username+password, or whatever.  The customers then use some mechanism to upload/update their entries with the credentials.  This could be through a web portal, or Dynamic DNS, or sending faxes.

It would definitely be nice to provide a defined protocol means of doing some of that, for at least the part of: customer-X which already has an account with credentials in database Y, and is already assigned E.164 number Z, being able to upload a public-key or unsigned cert for number Z into the database Y.  I don't really care what the protocol is for that to happen, although defining something over HTTPS makes the most sense to me for that.


> -  attempts to read the data actually get to that secure entry?

If I understand it right, it doesn't actually matter if you reach the right server or not - if another server responds with a false/fake entry, you'll correctly detect it is fake; if another server responds with a correct entry, you'll detect that it's not fake and it's perfectly ok to use it.

-hadriel

v2.23.0 | Report a Bug | By Email