Re: [Sip] comments on draft-kupwade-sip-iba-00

Subject: Re: [Sip] comments on draft-kupwade-sip-iba-00

From: Harsh Kupwade <harsh_smu at yahoo.com>

Date: Wed, 27 Feb 2008 08:30:11 -0800 (PST)

Delivered-to: ietfarch-sip-web-archive at core3.amsl.com

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=iSOLyiR/Y7Bt8W713XcsfJ2NoLpXO//a72mwBc5nmNiTK6oXk1CxIMeOvII6soiPUAYnJzv1iJv/IU+pIhEbzgbF1g4wFkMx6XPfH46rW96uXzP2yCOeQZjB/kMxGm1k5zCuJNp7icldk+8mElqnJ4HAf1FiyAtv7WOAgJ8xKYE=;

In-reply-to: <20080227161104.DBE635081A at romeo.rtfm.com>

List-help: <mailto:sip-request@ietf.org?subject=help>

List-id: Session Initiation Protocol <sip.ietf.org>

List-post: <mailto:sip@ietf.org>

List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>

List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>

Sender: sip-bounces at ietf.org

Forcing a signer to send a certificate is fine, but if the signer?s root CA is not same as the receiver?s root CAs, then the receiver has to go through a complex path construction process which is not a trivial problem.

Diana Berbecaru, Antonio Lioy and Marius Marian ?On the Complexity of Public-Key Certificate Validation?

Eric Rescorla <ekr at networkresonance.com>

At Wed, 27 Feb 2008 10:02:21 -0600,
James M. Polk wrote:
>
> At 11:41 PM 2/26/2008, Eric Rescorla wrote:
> > > I must say I didn't understand how revocation works. From the
> > > description of the algorithm it seemed untenable. The verifier never
> > > needs to obtain a cert and the public key is generated statically from
> > > the identity. Once they have the private key, the sender can always sign
> > > with it, so I don't see how revocation is possible.
> >
> >The way this is done is with what's effectively short-lived
> >identities (you could do the same thing with short-lived
> >certificates) you treat the time as part of the identity.
> >E.g., you might be "jdrosen at cisco.com:March-April, 2008". So,
> >the user needs to periodically refresh his private key to match
> >the new identity. If the key has been revoked you don't issue
> >new keys.
>
> naive question
>
> what burden does this put on a peer (or all peers) to (conceivably)
> have to constantly discover JDR's public key, for example (because
> they don't know how long the private key is good for)?
>
> Or is this problem known/expected or solved easily already?

Well, the feature of IBE schemes is that once you have the public
parameters for the KG, you can compute the public key without
fetching further data from the CA/KG. This is a lot more interesting
for encryption than it is for signature, since, as I said, you
can force the signer to just send you a new certificate, so the
retrieval cost is minimized.

-Ekr
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Try it now.

_______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors at cs.columbia.edu for questions on current sip Use sipping at ietf.org for new developments on the application of sip