List Info

Thread: Re: comments on draft-kupwade-sip-iba-00
Re: comments on draft-kupwade-sip-iba-00
country flaguser name
United States		 2008-02-28 12:46:21 
Eric Rescorla wrote:

> In any case, I'm not sure why we're having this
discusion since
> all the same trust issues apply to IBE schemes. The
only respect
> in which they don't apply to IBE schemes is if you have
a single
> global KG, but of course you could have a single global
CA,
> too. It's just that nobody wants to do either.

A global or semi-global KG makes excellent sense in large
domains,
especially where there are significant resource
constraints.

Consider, for example, the 3GPP world of GSM phones. A KG
hierarchy
rooted at the GSMA with each operator then having a
subordinate KG could
make a lot of sense. We could get end-to-end security with
significantly
fewer bits being transmitted than if users had to send
copies of their
certificates along with every message.

Similar characteristics apply in peer-to-peer cases. The
enrollment
process could include a KG interaction. The resulting
identity could be
used with IBS for node identification in the overlay as well
as message
source verification ("identity" in and RFC 4474
context). This helps
prevent a number of the easy attacks on P2P infrastructure.
And of
course, IBE could provide for message privacy as well as
integrity
across the untrusted peers that will be serving as proxies.

--
Dean
_______________________________________________
Sip mailing list  https://www
.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementorscs.columbia.edu for questions on current
sip
Use sippingietf.org for new developments on the application of
sip
Re: comments on draft-kupwade-sip-iba-00
user name
 2008-02-28 13:14:08 
At Thu, 28 Feb 2008 12:46:21 -0600,
Dean Willis wrote:
> 
> Eric Rescorla wrote:
> 
> > In any case, I'm not sure why we're having this
discusion since
> > all the same trust issues apply to IBE schemes.
The only respect
> > in which they don't apply to IBE schemes is if you
have a single
> > global KG, but of course you could have a single
global CA,
> > too. It's just that nobody wants to do either.
> 
> A global or semi-global KG makes excellent sense in
large domains,
> especially where there are significant resource
constraints.
> 
> Consider, for example, the 3GPP world of GSM phones. A
KG hierarchy
> rooted at the GSMA with each operator then having a
subordinate KG could
> make a lot of sense. We could get end-to-end security
with significantly
> fewer bits being transmitted than if users had to send
copies of their
> certificates along with every message.
>
> Similar characteristics apply in peer-to-peer cases.
The enrollment
> process could include a KG interaction. The resulting
identity could be
> used with IBS for node identification in the overlay as
well as message
> source verification ("identity" in and RFC
4474 context). This helps
> prevent a number of the easy attacks on P2P
infrastructure.

Yes, and this is all equally possible with PKI systems. As
I
said at the beginning, the only thing that IBS is bringing
to the party here is a smaller credential. As far as I'm
awre, the size of the cert is not the primary reason for
lack
of adoption of any of these schemes 

Again, what does IBS bring to the party except compression?
[0].


> And of
> course, IBE could provide for message privacy as well
as integrity
> across the untrusted peers that will be serving as
proxies.

And now we're talking about something totally different:
IBE.
I agree that IBE has significantly different characteristics
from
PKI. The problems with IBE in SIP are totally different:
namely
not knowing the actual identity of the recipietn of the
message.
This is the norm in both SIP (retargeting) and P2P (churn)
systems.

-Ekr

[0] It's worth noting that the combination of using ECC and

doing LZW on certificates would significantly shrink the
size of the cert. I haven't done the math, but I suspect
down
to the point where it's not the dominant factor.

_______________________________________________
Sip mailing list  https://www
.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementorscs.columbia.edu for questions on current
sip
Use sippingietf.org for new developments on the application of
sip
Re: comments on draft-kupwade-sip-iba-00
country flaguser name
United States		 2008-02-28 15:01:46 
Dean Willis wrote:
> [] The enrollment
> process could include a KG interaction. 

This to my mind is the _actual_ problem hindering
deployment. Does
this scheme help that problem or just rearrange the deck
chairs? Something
that posits yet another trust anchor would strike me as the
latter.

 From the conclusion:

  The advantages with the proposed methods are:

   1.  Key size: Elliptic-curve cryptography arguably
provides
       equivalent security with smaller operands than the
RSA technique
       typically used with [7 <http://tools.ietf.org/html/draft-kupwade-sip-iba-00
#ref-7>].  This provides some advantage for
       resource-constrained environments such as mobile
telephones.  It
       also reduces the cryptographic load on large-scale
devices doing
       frequent authentication checks.

You can do this with PKI or key-centric schemes too.

   2.  Key discovery: Callers can generate the public key of
the callee
       from the identity (SIP URI) of the callee and vice
versa.  This
       eliminates a requirement for a key discovery
mechanism using
       external sources, making deployment significantly
easier.

Or you can ship the key or cert in the signaling too.

   3.  Certificate validation: As a result caller or callee
need not go
       through the complex path construction process to
retrieve the
       public keys of a chain of CAs from the public key
depositories
       which are controlled by the respective CAs.  This
allows
       deployment in a peer-to-per modality without a need
to route SIP
       messages through a centralized identity service or
trust peer
       nodes to operate as identity services.

What is the KG if not a centralized entity? I guess I don't
understand this part.

   4.  Revocation: The ease of minting new identities and
discovering
       keys allows short-lived identities, reducing the need
for
       certificate revocation lists and the checking
thereof.  This
       offers very large operational advantages in resource
constrained
       environments.

I don't understand why this is "easy". Enrollment
is 
"hard" unless there's something really new here.
And 
if I wanted a short-lived identity, I could just gin 
up a new public key pair and use that as the identity
too. But I thought that the real problem was dealing with
long term identities like, oh say, matcisco.com.

		Mike

_______________________________________________
Sip mailing list  https://www
.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementorscs.columbia.edu for questions on current
sip
Use sippingietf.org for new developments on the application of
sip
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )