Re: [stir] DKIM-like key mgmt approach

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 12 June 2013 22:18 UTC

On 06/12/2013 11:00 PM, Paul Kyzivat wrote:
>>
>> So yes if you received the call from +1-212-555-1212 you'd know it's
>> an AT&T number (because of the URL's domain),
> 
> I see no reason why the URL needs to mention att.
> It could be an IP address, frequently changed.
> Or the certs could be hosted by an intermediary for retrieval.

Doesn't matter. Using certs the relationships are crystal clear
as an inherent part of certificate validation. If you want to
change that you'd need to re-invent a *lot* of PKI stuff.

S.