
Re: [Sip] comments on draft-kupwade-sip-iba-00



Eric Rescorla wrote:

> In any case, I'm not sure why we're having this discussion since
> all the same trust issues apply to IBE schemes. The only respect
> in which they don't apply to IBE schemes is if you have a single
> global KG, but of course you could have a single global CA,
> too. It's just that nobody wants to do either.

A global or semi-global KG makes excellent sense in large domains,
especially where there are significant resource constraints.

Consider, for example, the 3GPP world of GSM phones. A KG hierarchy
rooted at the GSMA with each operator then having a subordinate KG could
make a lot of sense. We could get end-to-end security with significantly
fewer bits being transmitted than if users had to send copies of their
certificates along with every message.

Similar characteristics apply in peer-to-peer cases. The enrollment
process could include a KG interaction. The resulting identity could be
used with IBS for node identification in the overlay as well as message
source verification ("identity" in an RFC 4474 context). This helps
prevent a number of the easy attacks on P2P infrastructure. And of
course, IBE could provide for message privacy as well as integrity
across the untrusted peers that will be serving as proxies.

--
Dean
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip