IETF Logo Mail Archive

Re: [stir] Permitted spoofing

"Rosen, Brian" <Brian.Rosen@neustar.biz> Tue, 11 June 2013 20:42 UTC

Return-Path: <brian.rosen@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA8A721F99BC for <stir@ietfa.amsl.com>; Tue, 11 Jun 2013 13:42:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.48
X-Spam-Level:
X-Spam-Status: No, score=-6.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zeDcJ4hDrYxs for <stir@ietfa.amsl.com>; Tue, 11 Jun 2013 13:42:07 -0700 (PDT)
Received: from neustar.com (mx2.neustar.com [156.154.25.104]) by ietfa.amsl.com (Postfix) with ESMTP id C86BC21F957B for <stir@ietf.org>; Tue, 11 Jun 2013 13:42:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neustar.biz; s=neustarbiz; t=1370983259; x=1685861982; q=dns/txt; h=From:Subject:Date:Message-ID:Content-Language: Content-Type:Content-ID:Content-Transfer-Encoding; bh=HdWs+Q5qSU Tt9ot4U/lRQGMe5AzyPFtkwyCpAd9n1y8=; b=nx/Jji/jpoZqHEvtjU0JyAt17/ TGZ77Hximpn29n9KAelvgfz4M5OeIy5h2bES+xPDhIvRgdzoxr+XhZ1RejAg==
Received: from ([10.31.13.228]) by chihiron2.nc.neustar.com with ESMTP with TLS id J041123125.20846001; Tue, 11 Jun 2013 16:40:58 -0400
Received: from STNTEXCHCASHT05.cis.neustar.com (10.31.15.157) by STNTEXCHHT01.cis.neustar.com (10.31.13.228) with Microsoft SMTP Server (TLS) id 8.3.279.1; Tue, 11 Jun 2013 16:41:51 -0400
Received: from stntexmb12.cis.neustar.com ([169.254.2.76]) by STNTEXCHCASHT05.cis.neustar.com ([::1]) with mapi id 14.02.0247.003; Tue, 11 Jun 2013 16:41:46 -0400
From: "Rosen, Brian" <Brian.Rosen@neustar.biz>
To: Wilhelm Wimmreuter <wilhelm@wimmreuter.de>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>
Thread-Topic: [stir] Permitted spoofing
Thread-Index: AQHOY+81QVR2lI4PHEaFqY34c3fHK5ksZHCAgAADK4CAAAkdAIAD3+GAgABy0gCAADSqAIAASfaA//++QIA=
Date: Tue, 11 Jun 2013 20:41:46 +0000
Message-ID: <CDDD0303.1CE56%brian.rosen@neustar.biz>
In-Reply-To: <AC0E5416-FDFD-4AF0-B38A-009E09FF0B1F@wimmreuter.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.4.130416
x-originating-ip: [10.33.193.6]
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: MNOMkCc8KZptkrWozzwXKw==
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1DD3564BE37419438BE64B6CAF3809BD@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Michael Hammer <michael.hammer@yaanatech.com>, "hgs@cs.columbia.edu" <hgs@cs.columbia.edu>, "hadriel.kaplan@oracle.com" <hadriel.kaplan@oracle.com>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Permitted spoofing
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 20:42:10 -0000

This is not just MITM.

The bad guy just needs to receive any good call, and then use it to
impersonate the person who called them.

I think we need the To, From, some form of call-id and a timestamp to get
a decent signature.

We don't have domains in this discussion - we have telephone numbers, so I
think DANE can't help us.

Brian

On 6/11/13 4:37 PM, "Wilhelm Wimmreuter" <wilhelm@wimmreuter.de> wrote:

>Guess this is MITM is the next VoIP issue to come up.
>
>Both way authentication is not considered for VoIP because service
>providers are trusted by default. ;-)
>
>
>DANE WG with their DNSsec approach might be a solution for this MITM
>issues as well?
>
>
>BTWY:
>We had nasty routing issues in pure PSTN as well. There the MITM could
>pretend being a fixed network operator instead of a mobile operator to
>"optimize" their business case on termination fees.
>
>Willi
>
>
>
>
>On 11.06.2013, at 18:12, Dave Crocker wrote:
>
>> On 6/11/2013 6:03 AM, Rosen, Brian wrote:
>>> MITM is a potential problem, which would be desirable to cut off, but
>>>it's not the stated problem we're trying to solve.
>>> 
>>> There may be some number of service providers in the path that are
>>>tolerant of the problem, but not really complicit.
>> 
>> 
>> This could have a pretty substantial effect on design choices.
>> 
>> For example, session-based SSL authentication -- that is, without
>>server validation (certs) -- permits MITM, which seems to be
>>often/generally acceptable in terms of actual practice, although
>>rhetoric claims otherwise.
>> 
>> But in general, I've had the impression that any effort at
>>authentication or confidentiality comes with an expectation of
>>resistance to MITM compromises.
>> 
>> d/
>> 
>> -- 
>> Dave Crocker
>> Brandenburg InternetWorking
>> bbiw.net
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org
>> https://www.ietf.org/mailman/listinfo/stir
>> 
>

v2.23.0 | Report a Bug | By Email