[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [P2PSIP] D/TLS with client authentication

To: Michael Chen <michaelc at idssoftware.com>
Subject: Re: [P2PSIP] D/TLS with client authentication
From: Eric Rescorla <ekr at rtfm.com>
Date: Wed, 30 Sep 2009 20:57:13 -0700
Cc: "p2psip at ietf.org" <p2psip at ietf.org>
Delivered-to: p2psip at core3.amsl.com
In-reply-to: <4AC41D9B.1040504 at idssoftware.com>
List-archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-help: <mailto:p2psip-request@ietf.org?subject=help>
List-id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-post: <mailto:p2psip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
References: <4AC41D9B.1040504 at idssoftware.com>

On Sep 30, 2009, at 8:10 PM, Michael Chen <michaelc at idssoftware.com>wrote:

Hi,
In an earlier thread, David A. Bryan asked about implementationexperience of this draft. Two things pop out immediately from myhead (they both feel like reinventing the wheel):
1. Digital signature related requirements seem rehashing what'sbeing done in TLS and DTLS.
2. Fragmentation handling seems to be reinventing TCP using UDP.
The second one may be unfounded, but I like to toss around an ideawhile implementing the first. What if this draft mandates thefollowing regarding TLS and DTLS connections:
A. Client authentication is required for all TLS and DTLS connections;
B. Both parties (peers) in a D/TLS connection uses the same digitalcredentials (certificates and public/private keys) for the DHToverlay.
For example, say peer X connects to peer Y via TLS. X will get Y'soverlay certificates and public key during the first part of the TLShandshake. Then Y request X (the 'client') to send its certificatesand public key during client authentication. The TLS session willbe honored if and only if the overlay information in thecertificates are validated on both sides. This is fully supportedby TLS and DTLS (plus a few callbacks).


This is already true

The level of trust established this way is equivalent to thatprovided by the current draft-03. The intend is that with thesemandates, the RELOAD protocol itself can be simplified by removingall certificate and signature related requirements. For example, inmy earlier post, an overhead of 1292 bytes can be trimmed down toonly 69 bytes!!! (removing the security block and the STOREsignature).

I still need to think about messages forwarded by instead oforiginated from a peer, but let the discussion begin.


Uh this is the base case. Which is why the messages have signatures

Ekr

Thanks

--Michael

_______________________________________________
P2PSIP mailing list
P2PSIP at ietf.org
https://www.ietf.org/mailman/listinfo/p2psip

Follow-Ups:
- Re: [P2PSIP] D/TLS with client authentication
  - From: Michael Chen

References:
- [P2PSIP] D/TLS with client authentication
  - From: Michael Chen

Prev by Date: Re: [P2PSIP] 10.3.1 Self-Generated Credentials
Next by Date: Re: [P2PSIP] D/TLS with client authentication
Previous by thread: [P2PSIP] D/TLS with client authentication
Next by thread: Re: [P2PSIP] D/TLS with client authentication
Index(es):
- Date
- Thread