IETF Logo Mail Archive

Re: [stir] Permitted spoofing

Wilhelm Wimmreuter <wilhelm@wimmreuter.de> Tue, 11 June 2013 20:37 UTC

Return-Path: <wilhelm@wimmreuter.de>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC96321F8BC0 for <stir@ietfa.amsl.com>; Tue, 11 Jun 2013 13:37:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hpFJ2T9f-s9i for <stir@ietfa.amsl.com>; Tue, 11 Jun 2013 13:37:27 -0700 (PDT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by ietfa.amsl.com (Postfix) with ESMTP id CC82421F99C2 for <stir@ietf.org>; Tue, 11 Jun 2013 13:37:16 -0700 (PDT)
Received: from wwnet.ww (p5DE95C29.dip0.t-ipconnect.de [93.233.92.41]) by mrelayeu.kundenserver.de (node=mrbap3) with ESMTP (Nemesis) id 0MbgsX-1V2nmO1Mvd-00J4dA; Tue, 11 Jun 2013 22:37:13 +0200
Received: by wwnet.ww (Postfix, from userid 783) id BE22888AE5C; Tue, 11 Jun 2013 22:37:12 +0200 (CEST)
Received: from [192.168.178.24] (unknown [192.168.178.24]) (Authenticated sender: williw) by wwnet.ww (Postfix) with ESMTPSA id 42F0088AD48; Tue, 11 Jun 2013 22:37:06 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Wilhelm Wimmreuter <wilhelm@wimmreuter.de>
In-Reply-To: <51B74C64.4070302@dcrocker.net>
Date: Tue, 11 Jun 2013 22:37:03 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <AC0E5416-FDFD-4AF0-B38A-009E09FF0B1F@wimmreuter.de>
References: <5DDB5576-CAEF-453C-8C90-0C6709DAD84F@neustar.biz> <172B7D9C-1E4F-49C7-90E5-5848682625CF@cs.columbia.edu> <15ABDCF6-F127-4E8B-807F-FC3FAD78B905@oracle.com> <00C069FD01E0324C9FFCADF539701DB3A03DAAEF@ex2k10mb2.corp.yaanatech.com> <E18AFC23-F162-4EEE-AAC1-FEA53438E15A@oracle.com> <00C069FD01E0324C9FFCADF539701DB3A03DB34C@ex2k10mb2.corp.yaanatech.com> <02A4880B-8DBE-48D8-A5EC-DD82EC282527@neustar.biz> <51B74C64.4070302@dcrocker.net>
To: dcrocker@bbiw.net
X-Mailer: Apple Mail (2.1085)
X-Provags-ID: V02:K0:yFWEJxRzlj6R2/7RnLc7vhHSY4cUyKQvYw4ubVMeOQA 4ti8Qcw9CPq8XZDOXG6xhr5DtvTSAR9FVJvxmJqSh7Wbf41mS4 WfenC9w/GB/rc6h3qzb7IConb12DcrI2swUxytpEfJ0I7vc2Hx xCWU0qya4BISnsfb6qmw2eqS7Oy/NnE7mlg7+0SVOLJAoBv+Vo 1w6zdIy2vP3Explo7C1/2SejueA1a6OZ6axpfNfS/6uzGSRdBh pkA/3eVXkY8qEXzCgWLiEwLoJn4HVgD9yIReNFPMkDTvM5E6Nx ffUXgIkI7DbTQO/YOvf6dwfmEG0U/J7R2OpouOtfqsAJ8RRE+d JP7MS5sTDT7HbwYkVWlpugYg485tuIMWm4t3JhFy0
Cc: "Rosen, Brian" <Brian.Rosen@neustar.biz>, "hgs@cs.columbia.edu" <hgs@cs.columbia.edu>, "hadriel.kaplan@oracle.com" <hadriel.kaplan@oracle.com>, "stir@ietf.org" <stir@ietf.org>, Michael Hammer <michael.hammer@yaanatech.com>
Subject: Re: [stir] Permitted spoofing
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 20:37:31 -0000

Guess this is MITM is the next VoIP issue to come up.

Both way authentication is not considered for VoIP because service providers are trusted by default. ;-)


DANE WG with their DNSsec approach might be a solution for this MITM issues as well?


BTWY:
We had nasty routing issues in pure PSTN as well. There the MITM could pretend being a fixed network operator instead of a mobile operator to "optimize" their business case on termination fees.

Willi




On 11.06.2013, at 18:12, Dave Crocker wrote:

> On 6/11/2013 6:03 AM, Rosen, Brian wrote:
>> MITM is a potential problem, which would be desirable to cut off, but it's not the stated problem we're trying to solve.
>> 
>> There may be some number of service providers in the path that are tolerant of the problem, but not really complicit.
> 
> 
> This could have a pretty substantial effect on design choices.
> 
> For example, session-based SSL authentication -- that is, without server validation (certs) -- permits MITM, which seems to be often/generally acceptable in terms of actual practice, although rhetoric claims otherwise.
> 
> But in general, I've had the impression that any effort at authentication or confidentiality comes with an expectation of resistance to MITM compromises.
> 
> d/
> 
> -- 
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir
>

v2.23.0 | Report a Bug | By Email