
Re: [Sip] Toward the Evolution of SIP and Related Working Groups



From: "Vijay K. Gurbani" <vkg at alcatel-lucent.com>
Date: Tue, 24 Jun 2008 16:59:24 -0500
To: Dan Wing <dwing at cisco.com>
Cc: sip at ietf.org

Dan Wing wrote:
> However, if you are communicating directly with another organization then you would not want to allow them to assert any identity they wished, because the only thing you expect is for them to send you requests with a From that has their own identity (@microsoft.com, @boeing.com, etc.) -- that is, the identity of their own employees. You do not expect them to assert the identity belonging to some other company. You would not extend the transitive trust to them.
>
> I do wish there was more interest in cryptographic end-to-end identity that survives through B2BUAs operated by service providers. It is the end goal; service provider B2BUAs/SBCs are not going away!

The sipsec URI (http://tools.ietf.org/html/draft-gurbani-sip-sipsec-01).
Sorry, could not resist ;-)

Though that is not a panacea either, since I doubt any B2BUA
operated by the service provider will agree to behave as a
transparent bit forwarder (although there are crypto-techniques
to allow intermediaries to snoop in an encrypted stream to look
only for certain keywords, I doubt that work is at a point where
one can create a scalable production system out of it).

There is also some work on using IBE (see
http://tools.ietf.org/html/draft-kupwade-sip-iba-00); this draft
was discussed on the list before the PHL IETF.  IIRC, the
discussions centered around problems with key escrow.

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: vkg at {alcatel-lucent.com,bell-labs.com,acm.org}
WWW:   http://www.alcatel-lucent.com/bell-labs
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
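A worked illustration of the two points raised above: Dan's rule that a directly peered organization may assert only identities in its own domains, and why a signature that covers SIP headers does not survive a provider B2BUA that rewrites them. This is an added example, not code from this thread, from the sipsec draft, or from any IETF implementation. It borrows the `Identity`/`Identity-Info` header names and the idea of a digest string over From, To, Call-ID, CSeq, Date, Contact and body from RFC 4474, but simplifies the canonicalization and uses HMAC-SHA256 with a constructed per-domain key as a stand-in for the domain certificate's RSA signature; every message value is constructed.

```python
import hashlib
import hmac
import re

# Constructed per-domain signing keys: a stand-in for the private key behind
# the domain certificate that RFC 4474 would reference via Identity-Info.
DOMAIN_KEYS = {"example.com": b"constructed-signing-key-for-example.com"}


def addr_spec(header_value):
    """Return user@host of a From/To/Contact value, dropping display name and params."""
    m = re.search(r"<([^>]+)>", header_value)
    uri = m.group(1) if m else header_value.strip()
    uri = uri.split(";")[0]              # drop header/URI parameters such as ;tag=
    return uri[4:] if uri.startswith("sip:") else uri


def host_of(header_value):
    """Domain part of the address in a header value (case-folded)."""
    return addr_spec(header_value).rsplit("@", 1)[-1].lower()


def digest_string(msg):
    """Fields the identity signature covers, joined with '|' (simplified after RFC 4474)."""
    h = msg["headers"]
    parts = [addr_spec(h["From"]), addr_spec(h["To"]), h["Call-ID"], h["CSeq"],
             h["Date"], addr_spec(h.get("Contact", "")), msg.get("body", "")]
    return "|".join(parts)


def sign_identity(msg):
    """Sign on behalf of the From domain and attach Identity/Identity-Info headers."""
    domain = host_of(msg["headers"]["From"])
    mac = hmac.new(DOMAIN_KEYS[domain], digest_string(msg).encode(), hashlib.sha256)
    msg["headers"]["Identity"] = mac.hexdigest()          # hex HMAC stands in for the RSA signature
    msg["headers"]["Identity-Info"] = f"<https://{domain}/cert>"   # constructed certificate URL
    return msg


def verify_identity(msg):
    """Recompute the digest over the message as received and compare with Identity."""
    domain = host_of(msg["headers"]["From"])
    key = DOMAIN_KEYS.get(domain)       # a real verifier would fetch the cert named in Identity-Info
    if key is None or "Identity" not in msg["headers"]:
        return False
    expected = hmac.new(key, digest_string(msg).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["headers"]["Identity"])


def b2bua_rewrite(msg, new_contact):
    """Simulate a provider B2BUA/SBC re-homing Contact on its own address."""
    out = {"headers": dict(msg["headers"]), "body": msg.get("body", "")}
    out["headers"]["Contact"] = new_contact
    return out


def peer_policy_ok(msg, peer_domains):
    """Dan Wing's rule: a directly peered organization may only assert its own identities."""
    return host_of(msg["headers"]["From"]) in {d.lower() for d in peer_domains}


def run_demo():
    """Run the scenario end to end and return the four verdicts."""
    invite = {
        "headers": {                    # constructed INVITE headers
            "From": '"Alice" <sip:alice@example.com>;tag=9fxced76sl',
            "To": "<sip:bob@example.net>",
            "Call-ID": "3848276298220188511@example.com",
            "CSeq": "1 INVITE",
            "Date": "Tue, 24 Jun 2008 21:59:24 GMT",
            "Contact": "<sip:alice@198.51.100.7>",
        },
        "body": "v=0\r\no=alice 1 1 IN IP4 198.51.100.7\r\n",
    }
    signed = sign_identity(invite)
    results = {"original": verify_identity(signed)}
    # The SBC touches only Contact, but Contact is under the signature.
    results["after_b2bua"] = verify_identity(b2bua_rewrite(signed, "<sip:alice@203.0.113.5>"))
    # Peering policy: the peer is trusted for example.com only.
    peer_domains = {"example.com"}
    results["own_from_by_peer"] = peer_policy_ok(signed, peer_domains)
    foreign = {"headers": dict(signed["headers"]), "body": signed["body"]}
    foreign["headers"]["From"] = "<sip:someone@other-company.example>"
    results["foreign_from_by_peer"] = peer_policy_ok(foreign, peer_domains)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The `after_b2bua` verdict is the point of the thread: the signature is sound and the SBC is not malicious, yet re-homing a single covered header is enough to break verification downstream, which is why an intermediary would have to forward the covered fields untouched for end-to-end identity to survive. The peering check is deliberately separate from signature verification: a valid signature tells you a domain vouched for the From, while the policy decides whether that peer was allowed to vouch for that domain at all.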