Re: [P2PSIP] Identity certificate segregation [was Re: draft-ietf-p2psip-base publication to be requested]

Fri, 01 Jul 2011 04:48:47 -0700 

Hi,

please, let me know whether or not these modifications will be included
in the base draft at this point.

Thanks,

Gonzalo

On 21/06/2011 10:58 PM, Marc Petit-Huguenin wrote:
> I read the paper and this modification makes sense to me (for example without
> this modification a peer that is purely used for routing and storage purpose,
> like a bootstrap peer, had to invent a valid, unique, and useless username 
> just
> to acquire a certificate).
> 
> So I support its inclusion in draft-ietf-p2psip-base.
> 
> On 06/09/2011 10:47 AM, Diego Suarez wrote:
>> I think it would require a (slight) modification in the base document.
>> Current P2PSIP certification model is based on a single PKC (including
>> both usernames and nodeIDs) that uniquely identifies a user and her
>> devices. On the other hand, our model is base on a split certification.
>> Devices and users are independent. Each device has its own PKC including
>> a nodeID and a PK. Similarly, each user has her own PKC including her
>> username and a PK. This approach do not prevent a centralized entity
>> (such as an offline CA) to have information related to the devices each
>> user (or company, etc.) has registered, but permits, among other
>> improvements, a user to be connected to the system through devices she
>> has not registered herself such as a phone issued by a telco or a fixed
>> phone in a laboratory shared by all the members of a research group.
> 
> 
>> On Thu, 2011-06-09 at 10:05 -0700, Marc Petit-Huguenin wrote:
>> Does this model really required modifications in the base document, or can 
>> it be
>> designed as an extension?  (Unfortunately the paper is not freely available, 
>> so
>> it is difficult to know really what is needed for this).
> 
>> On 06/09/2011 07:31 AM, Diego Suarez wrote:
>>>>> Hi, 
>>>>>
>>>>> I had in mind writing a draft about this, but since I'm running out of
>>>>> time, I would like to summarize a new certification model for P2PSIP I
>>>>> have been working on, in case it is of interest for the group.
>>>>> Further details can be found in paper:
>>>>>
>>>>> D. Touceda, J. Camara, L. Villalba, and J. Marquez, Advantages of
>>>>> identity certificate segregation in P2PSIP systems, Communications,
>>>>> IET, vol. 5, pp. 879889, Apr. 2011.
>>>>>
>>>>>
>>>>> The idea is to split the certification of users and devices. Devices are
>>>>> identified by PKCs including a nodeID and the PK of the device, while
>>>>> users are identified by PKCs including a username and the PK of the
>>>>> user. Similar models have been used before in other communications
>>>>> systems, such as GSM where devices and users are separately represented
>>>>> by the international mobile equipment identity (IMEI) stored in the
>>>>> phones and the international mobile subscriber identity (IMSI) stored in
>>>>> the user subscriber identity module (SIM), respectively.
>>>>>
>>>>> Motivations of this model are:
>>>>>
>>>>> - Users and devices are different entities performing different
>>>>> roles within a P2PSIP system. Devices are nodes of the P2P
>>>>> overlay network (represented by a nodeID) that offer services
>>>>> (to route messages, to store data, . . .) to the system, while
>>>>> users (represented by an username) utilize these services,
>>>>> usually to establish media communications using SIP.
>>>>>
>>>>> - Support for mobility scenarios where a user may be logged at different
>>>>> devices at the same time using the same PKC.
>>>>>
>>>>> - Support several users to be logged in the same device (like a fixed
>>>>> phone) at the same time.
>>>>>
>>>>> - Support for user independent hard-coded devices.
>>>>>
>>>>> - Interoperability with SIP. SIP certificates are not valid in actual
>>>>> P2PSIP since they don't include a nodeID.
>>>>>
>>>>> cheers
>>>>>
>>>>> Diego Suárez
>>>>>
>>>>>
>>>>> On Wed, 2011-06-08 at 09:48 -0700, David A. Bryan wrote:
>>>>>> Unless something major comes up, we plan to request the newest version
>>>>>> of the base draft, draft-ietf-p2psip-base-15, be published. I'll put
>>>>>> in the request in a week (June 16th or 17th). If there are any further
>>>>>> comments from the last call a while ago (or further comments on the
>>>>>> comments since then), please send them to the list ASAP.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> David (as chair)
>>>>>> _______________________________________________
>>>>>> P2PSIP mailing list
>>>>>> [email protected]
>>>>>> https://www.ietf.org/mailman/listinfo/p2psip
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> P2PSIP mailing list
>>>>> [email protected]
>>>>> https://www.ietf.org/mailman/listinfo/p2psip
> 
> 
> 
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip

Reply via email to