Re: [stir] Permitted spoofing

Richard Barnes <rlb@ipv.sx> Sat, 08 June 2013 03:12 UTC

In-Reply-To: <172B7D9C-1E4F-49C7-90E5-5848682625CF@cs.columbia.edu>
References: <5DDB5576-CAEF-453C-8C90-0C6709DAD84F@neustar.biz> <172B7D9C-1E4F-49C7-90E5-5848682625CF@cs.columbia.edu>
Date: Fri, 07 Jun 2013 23:12:50 -0400
Message-ID: <CAL02cgTgPgTONwEzZ4EhgY4iCw=30-XY3V0aORp3fT4avX+CsQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Henning Schulzrinne <hgs@cs.columbia.edu>
Cc: "Rosen, Brian" <Brian.Rosen@neustar.biz>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Permitted spoofing

The RPKI has a protocol for this, known colloquially as the "up/down"
protocol.
<http://tools.ietf.org/html/rfc6492>

Certificate request:
<http://tools.ietf.org/html/rfc6492#section-3.4.1>


On Fri, Jun 7, 2013 at 10:23 PM, Henning Schulzrinne <hgs@cs.columbia.edu> wrote:

> On Jun 7, 2013, at 2:17 PM, Rosen, Brian wrote:
> >
> > Please note that there is another class of calling party number
> > spoofing circumstances we CAN do something about. Suppose a doctor wants
> > to place a call on her mobile that appears to come from her office number.
> > In that case the doctor can authorize the service that arranges that call.
> > They can get the cert for the office number and authorize the service to
> > place calls with that number by giving them a cert for that authorization.
> > This also works for, as an example, a call center placing calls for an
> > enterprise.
>
>
> That's probably something we might want to flesh out a bit. My very rough
> vision in the central database case would be something like the following:
>
> (1) Owner [doctors' office] says: "Please mint a cert that entitles Doctor
> Smith [public key attached] to use our number 555 1234." [signed by
> assignee]
>
> (2) Database returns cert, which is handed to doctor.
>
> (4) Doctor uses cert just like any other.
>
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir
>
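The delegation flow Henning sketches above (owner signs a request naming the delegate's public key, the database mints a cert for that key and number, the delegate then signs calls with it) is small enough to model end to end. The Go program below is an added example written for this archive page; it is not code from the thread, from the STIR work, or from RFC 6492, and it uses a constructed line-oriented cert encoding with Ed25519 rather than any real certificate or PASSporT format. The names (`Database`, `MintDelegatedCert`, `VerifyCall`, the numbers `5551234` and `5559876`) are assumptions chosen for the example. Beyond the three steps in the message it adds two checks a verifier would want: a delegated cert is marked as such so the delegate cannot delegate the number onward, and the database refuses a request for any number other than the one the presenter's own cert covers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Cert is a constructed toy credential (not X.509 or a STIR format): the
// database binds a telephone number to a key. Delegated marks certs minted for
// a third party so they cannot be used to delegate further.
type Cert struct {
	Number    string
	Holder    ed25519.PublicKey
	Delegated bool
	Sig       []byte // database signature over certTBS
}

func certTBS(number string, holder ed25519.PublicKey, delegated bool) []byte {
	return []byte(fmt.Sprintf("cert|%s|%s|%t", number, hex.EncodeToString(holder), delegated))
}

// delegationTBS is the step (1) request the owner signs: "entitle this key to use our number".
func delegationTBS(number string, delegate ed25519.PublicKey) []byte {
	return []byte("delegate|" + number + "|" + hex.EncodeToString(delegate))
}

// callTBS is the per-call attestation the delegate signs in step (4).
// Simplification: no timestamp or call-id, so a real design would add replay protection here.
func callTBS(from, to string) []byte { return []byte("call|" + from + "|" + to) }

func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Database is the "central database" of the thread: the root of trust that
// issues owner certs and mints delegated ones.
type Database struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDatabase() *Database {
	pub, priv := GenKey()
	return &Database{priv: priv, Pub: pub}
}

func (db *Database) sign(number string, holder ed25519.PublicKey, delegated bool) Cert {
	return Cert{number, holder, delegated, ed25519.Sign(db.priv, certTBS(number, holder, delegated))}
}

// IssueOwnerCert models assignment of the number to its owner (out of band here).
func (db *Database) IssueOwnerCert(number string, owner ed25519.PublicKey) Cert {
	return db.sign(number, owner, false)
}

// SignDelegation is the owner's side of step (1).
func SignDelegation(ownerPriv ed25519.PrivateKey, number string, delegate ed25519.PublicKey) []byte {
	return ed25519.Sign(ownerPriv, delegationTBS(number, delegate))
}

// MintDelegatedCert is step (2): the request must be signed by the holder of a
// non-delegated cert this database issued for exactly the requested number.
func (db *Database) MintDelegatedCert(owner Cert, number string, delegate ed25519.PublicKey, reqSig []byte) (Cert, error) {
	if !ed25519.Verify(db.Pub, certTBS(owner.Number, owner.Holder, owner.Delegated), owner.Sig) {
		return Cert{}, errors.New("presented cert was not issued by this database")
	}
	if owner.Delegated {
		return Cert{}, errors.New("delegated certs may not delegate further")
	}
	if owner.Number != number {
		return Cert{}, errors.New("presenter does not hold the requested number")
	}
	if !ed25519.Verify(owner.Holder, delegationTBS(number, delegate), reqSig) {
		return Cert{}, errors.New("delegation request not signed by the number owner")
	}
	return db.sign(number, delegate, true), nil
}

// SignCall is step (4) on the delegate's side.
func SignCall(priv ed25519.PrivateKey, from, to string) []byte {
	return ed25519.Sign(priv, callTBS(from, to))
}

// VerifyCall is the terminating side's check: the cert chains to the database,
// it covers the asserted calling number, and the call is signed by its holder.
func VerifyCall(dbPub ed25519.PublicKey, c Cert, from, to string, sig []byte) error {
	if !ed25519.Verify(dbPub, certTBS(c.Number, c.Holder, c.Delegated), c.Sig) {
		return errors.New("cert signature invalid")
	}
	if c.Number != from {
		return errors.New("cert does not cover calling number " + from)
	}
	if !ed25519.Verify(c.Holder, callTBS(from, to), sig) {
		return errors.New("call signature invalid")
	}
	return nil
}
```

Usage follows the message: `db.IssueOwnerCert("5551234", officePub)` gives the office its cert, `db.MintDelegatedCert(officeCert, "5551234", doctorPub, SignDelegation(officePriv, "5551234", doctorPub))` is steps (1) and (2), and `VerifyCall(db.Pub, doctorCert, "5551234", to, SignCall(doctorPriv, "5551234", to))` is what the far end runs in step (4). The same `VerifyCall` rejects a call the doctor signs from any other number, a call signed with a key other than the cert holder's, and a cert the database did not sign; the database likewise refuses a request for a number the presenter does not hold, a request signed by someone other than the owner, and a re-delegation from a delegated cert. Revocation and expiry are deliberately omitted; a real deployment needs both, since the office cannot otherwise withdraw the doctor's authorization.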