Re: [Sip] comments on draft-kupwade-sip-iba-00
At Tue, 26 Feb 2008 22:08:46 -0800,
Eric Rescorla wrote:
>
> At Tue, 26 Feb 2008 23:55:22 -0600,
> Dean Willis wrote:
> > Here's a novel thing:
> >
> > Let's say I know your identity is sip:ekr at networkresonance.com, and
> > that your relationship with the PKG allows you to retrieve keys for
> > parameterized versions of that identity.
> >
> > I can construct a new cryptographic identity for you, perhaps
> > "sip:ekr at networkresonance.com;ID=2009121222" and use that to sign a
> > message to you. You've never seen this
> > identity before and don't yet even have the private key for it. You
> > then go to your PKG and retrieve said key and use it to verify the
> > message.
>
> Yes, this is commonly discussed in the IBE world, but it doesn't
> work as well with store-and-forward signature systems because the
> relying party has no opportunity to insist that you provide an
> identity of his choice.

Oh, I should mention: what's the value of needing a new key to
*verify* the message? What does that do for the sender?
The relying party can simply assume the signature is valid.
If the sender wants to force the recipient to have a new
key, they need to encipher the whole message or require
a signed receipt from the recipient.

-Ekr
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip