[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DTLS-SRTP harming GETS [was RE: Additional use cases? (Re: Plan for moving forward)]

To: "'Lakshminath Dondeti'" <ldondeti@xxxxxxxxxxxx>
Subject: DTLS-SRTP harming GETS [was RE: Additional use cases? (Re: Plan for moving forward)]
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Tue, 12 Jun 2007 17:28:54 -0700
Authentication-results: sj-dkim-4; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim4002 verified; );
Cc: "'Eric Rescorla'" <ekr@xxxxxxxxxxxxxxxxxxxx>, "'Jonathan Rosenberg'" <jdrosen@xxxxxxxxx>, "'Hannes Tschofenig'" <Hannes.Tschofenig@xxxxxxx>, "'Francois Audet'" <audet@xxxxxxxxxx>, <ietf-rtpsec@xxxxxxx>, "'Sam Hartman'" <hartmans-ietf@xxxxxxx>, "'Tim Polk'" <tim.polk@xxxxxxxx>, <jon.peterson@xxxxxxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2837; t=1181694540; x=1182558540; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20DTLS-SRTP=20harming=20GETS=20[was=20RE=3A=20Additional=20use= 20cases?=20(Re=3A=20Plan=20for=20moving=20forward)] |Sender:=20; bh=le+Dn7V8ZqfGg0CtwRgcBbQIW7JZeDFEV48WegzgOmQ=; b=h1s/mWkc4njg8OhP3jBzv3rYab6j2eJkUG11SwhRfOF1nfmelnKcb71cjQhqToBucgX6C1xb XP9gmxcyBMpjVBn+GJA3Hs0t5apSEZG2dEAMjrDqos0dSBIIuJCVw03d;
In-reply-to: <466F3408.3070103@xxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: AcetTiCjNVuyyDThRdqUE5JtMs65YgAApZOQ

> I was talking about the GETS use case.  My understanding is 
> that IEPREP is considering that use case although I did not 
> find a call flow to point to (I don't know for sure, could 
> someone verify that?).  Perhaps others in this list may 
> have ready references.

IEPREP's existing work excludes cross-domain authentication and 
authorization.  In any event, I don't see how GETS/IEPREP is 
harmed, in any way, if the UAC is really owned by Alice Waters
(chef at a good restaurant here in California) but, due to the
recent earthquake, a nice gentleman from FEMA is using Alice's
home phone and provides authentication to an IEPREP-capable 
system (whatever it is) and gets authorization to make a 
high-bandwidth multimedia call to someone in another city, at
a time where mere mortals aren't able to acquire sufficient
bandwidth or SIP signaling (or whatever) to make a similar
call.

You must believe there is some potential harm with IEPREP
and the network asserting that Alice's phone was involved.
I don't see the harm.  If you still feel there is harm, we'll
need more details -- I don't see the harm and I don't see a 
requirement that falls out of IEPREP or a GETS use case that
applies to RTPSEC.

-d

> thanks,
> Lakshminath
> 
> On 6/12/2007 4:14 PM, Dan Wing wrote:
> > 
> > The use case where someone dials a number and proves their identity
> > using a PIN?  One thing you mentioned at the bottom of your first
> > email http://www.imc.org/ietf-rtpsec/mail-archive/msg00751.html is
> > that "priority call placement use case is similar"; however, it
> > isn't -- IEPREP isn't requiring someone to connect to a remote
> > gateway, prove their identity to that remote gateway, and someone
> > pull that authentication and authorization 'back' into the 
> > originating network.  The trouble with such an approach is how
> > you'd get the access to perform that connection to that remote
> > resource in order to initiate that authorization in the first
> > place -- the phone system is overloaded and the more components
> > of it you involve the more likely you'll find overload.
> > 
> >> and Dan was making a case for it too earlier 
> >> today.
> > 
> > In my email related to directionality?  That was only an idea
> > to avoid the SDP for directionality.
> > 
> > -d
> > 
> >  
> >> regards,
> >> Lakshminath
> >>
> >> On 6/12/2007 12:46 PM, Eric Rescorla wrote:
> >>> At Tue, 12 Jun 2007 12:39:47 -0700,
> >>> Lakshminath Dondeti wrote:
> >>>> Right.  So, why not do it?
> >>> Because it involves a number of changes in the DTLS model (having
> >>> one message happen out of band, having one clienthello elicit
> >>> multiple serverhellos, etc.) and nobody has described a compelling
> >>> reason to do this.
> >>>
> >>> -Ekr
> >>>
> >

Follow-Ups:
- Re: DTLS-SRTP harming GETS [was RE: Additional use cases? (Re: Plan for moving forward)]
  - From: Lakshminath Dondeti

References:
- Re: Additional use cases? (Re: Plan for moving forward)
  - From: Lakshminath Dondeti

Prev by Date: Re: Plan for moving forward
Next by Date: RE: Plan for moving forward
Previous by thread: Re: Additional use cases? (Re: Plan for moving forward)
Next by thread: Re: DTLS-SRTP harming GETS [was RE: Additional use cases? (Re: Plan for moving forward)]
Index(es):
- Date
- Thread