Re: [Sip] comments on draft-kupwade-sip-iba-00
At Thu, 28 Feb 2008 12:46:21 -0600,
Dean Willis wrote:
>
> Eric Rescorla wrote:
>
> > In any case, I'm not sure why we're having this discussion since
> > all the same trust issues apply to IBE schemes. The only respect
> > in which they don't apply to IBE schemes is if you have a single
> > global KG, but of course you could have a single global CA,
> > too. It's just that nobody wants to do either.
>
> A global or semi-global KG makes excellent sense in large domains,
> especially where there are significant resource constraints.
>
> Consider, for example, the 3GPP world of GSM phones. A KG hierarchy
> rooted at the GSMA with each operator then having a subordinate KG could
> make a lot of sense. We could get end-to-end security with significantly
> fewer bits being transmitted than if users had to send copies of their
> certificates along with every message.
>
> Similar characteristics apply in peer-to-peer cases. The enrollment
> process could include a KG interaction. The resulting identity could be
> used with IBS for node identification in the overlay as well as message
> source verification ("identity" in an RFC 4474 context). This helps
> prevent a number of the easy attacks on P2P infrastructure.

Yes, and this is all equally possible with PKI systems. As I
said at the beginning, the only thing that IBS is bringing
to the party here is a smaller credential. As far as I'm
aware, the size of the cert is not the primary reason for lack
of adoption of any of these schemes.

Again, what does IBS bring to the party except compression? [0]

> And of
> course, IBE could provide for message privacy as well as integrity
> across the untrusted peers that will be serving as proxies.
And now we're talking about something totally different: IBE.
I agree that IBE has significantly different characteristics from
PKI. The problems with IBE in SIP are totally different: namely
not knowing the actual identity of the recipient of the message.
This is the norm in both SIP (retargeting) and P2P (churn)
systems.
-Ekr
[0] It's worth noting that the combination of using ECC and
doing LZW on certificates would significantly shrink the
size of the cert. I haven't done the math, but I suspect down
to the point where it's not the dominant factor.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip