On Feb 18, 2008, at 8:50 AM, Paul Kyzivat wrote:
>
> I thought the problem was already well known, but perhaps not. IMO the
> main thing now is to figure out the *solution* to the problem!
> IMO a solution is to use a 4474-style approach, but where the
> certificate is tied to just the phone number, not to some arbitrary
> domain name. That of course would depend on a model where the
> "owner" of the phone number is the one who may obtain the certificate
> for that number.

You might take a look at "Identity Based Authentication in the Session Initiation Protocol", draft-kupwade-sip-iba-00.

This draft is a bit incomplete, but it's the reduction of a far longer master's thesis that I'm familiar with.

It seems reasonably feasible to consider the phone number an "identity" within the domain of an identity-based private key generator. The math is now available to handle multiple levels of PKG hierarchy, which allows key-generation delegation along the ENUM tree lines.

On an operational basis, it seems a lot easier to work with than a CA model.

--
Dean

_______________________________________________
Sip mailing list http://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
