[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [P2PSIP] Including Identity in signature.

To: Bruce Lowekamp <lowekamp at sipeerior.com>
Subject: Re: [P2PSIP] Including Identity in signature.
From: Eric Rescorla <ekr at networkresonance.com>
Date: Thu, 24 Jul 2008 17:05:37 -0700
Cc: P2PSIP WG <p2psip at ietf.org>
Delivered-to: ietfarch-p2psip-web-archive at core3.amsl.com
Delivered-to: p2psip at core3.amsl.com
In-reply-to: <4888EF7D.3080905@sipeerior.com>
List-archive: <http://www.ietf.org/pipermail/p2psip>
List-help: <mailto:p2psip-request@ietf.org?subject=help>
List-id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-post: <mailto:p2psip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
References: <7ED08D66-516D-43A1-BF7A-4A4007331969@cisco.com> <4888EF7D.3080905@sipeerior.com>
Sender: p2psip-bounces at ietf.org
User-agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)

At Thu, 24 Jul 2008 17:09:17 -0400,
Bruce Lowekamp wrote:
> 
> Cullen Jennings wrote:
> > 
> > This issues is brought up in section 7.1 
> > _______________________________________________
> > P2PSIP mailing list
> > P2PSIP at ietf.org
> > https://www.ietf.org/mailman/listinfo/p2psip
> > 
> 
> For those who haven't looked, the question is whether we need to include 
> the signer's identity in the data signature input.  The draft currently 
> does not.  I'm not aware of any reason to do so (assuming reasonble 
> numbers of bits being used for the keys).

So, the usual rationale here is to prevent substitution attacks.
For instance, an attacker gets a certificate with your public
key but his name and then takes a message you signed and rebadges
it as a message he wrote. It's not clear that this is useful in any
practical setting, but since it's not expensive to prevent, I was sort of
thinking it was worth doing.

-Ekr

_______________________________________________
P2PSIP mailing list
P2PSIP at ietf.org
https://www.ietf.org/mailman/listinfo/p2psip

Follow-Ups:
- Re: [P2PSIP] Including Identity in signature.
  - From: Bruce Lowekamp

References:
- [P2PSIP] Including Identity in signature.
  - From: Cullen Jennings
- Re: [P2PSIP] Including Identity in signature.
  - From: Bruce Lowekamp

Prev by Date: Re: [P2PSIP] Including Identity in signature.
Next by Date: Re: [P2PSIP] Boot strap peers
Previous by thread: Re: [P2PSIP] Including Identity in signature.
Next by thread: Re: [P2PSIP] Including Identity in signature.
Index(es):
- Date
- Thread