Hi Dan, I have three questions about the new security requirements draft (-03): (1) The threats and security requirements on DHT network or overlay are discussed , but what about the threats and security requirements on SIP? Especially that what are the threats on decentralized SIP?
(2) Why the layers in "Figure 2 P2PSIP architecture" are different from the architecture layers in RELOAD? The KBR Layer isn't included in the layers of RELOAD, and this layer is not defined in draft-ietf-p2psip-concepts-02. (3) As I know, PKI-based certificate is not flexible enough nor bandwidth efficient because of the size of keys and certificates used. Why we don't consider to use Identity-based security framework ? Best Regards, J. Chen 2008/7/29 Dan York <[EMAIL PROTECTED]> > P2PSIP members, > > Just to re-emphasize Song Haibin's point, the new security requirements > draft (-03): > > > http://www3.tools.ietf.org/html/draft-matuszewski-p2psip-security-requirements > > is a merger of two previous drafts: > > > http://www3.tools.ietf.org/html/draft-matuszewski-p2psip-security-requirements-02 > - from Marcin Matuszewski and others > http://www3.tools.ietf.org/html/draft-song-p2psip-security-eval-00 > - from Song Haiban and others > > While there is still work to do to fully merge the two documents, we (I am > also involved) would like to hear comments on the merged document from list > members. > > - Is this merged draft going in the right direction? > - Are there major holes that you see in the document that need to be > addressed? (Outside of the security issues related to PSTN gateways that I > have indicated in the Author's Note that I'll be adding.) > - Are the Appendices useful? > - Anything else you think should be added to this draft? Anything you > think should be removed? > > There is not currently time on the P2PSIP agenda at IETF 72 to discuss this > draft and so we would appreciate any comments that can be sent on the list. > > Thank you, > Dan > > > > On Jul 26, 2008, at 3:09 PM, songhaibin 64081 wrote: > > Hi all, >> >> In the merged p2psip security requirement draft, the authors analyze the >> p2psip security with p2p layers, with classfied application scenarios, and >> summarize the security requirements in the last. We also list the security >> threats in the appendix. It is a work in progress. If anyone has some >> comments to the draft, the authors will be very glad to hear and take into >> consideration. >> >> >> Best Regards! >> Song Haibin >> _______________________________________________ >> P2PSIP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/p2psip >> > > -- > Dan York, CISSP, Director of Emerging Communication Technology > Office of the CTO Voxeo Corporation [EMAIL PROTECTED] > Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com > Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com > > Build voice applications based on open standards. > Find out how at http://www.voxeo.com/free > > > > > > > _______________________________________________ > P2PSIP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/p2psip >
_______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
