[VOIPSEC] DKIM Domain Key Identified Mail
AVM
drsavm at gmail.com
Wed Nov 30 09:17:19 CST 2005
Hello,
The point which was brought up by Simon is more valid by having end-to-end
authentication and encryption. In my company, we have achieved end-to-end
authentication and confidentiality of the message using certificates based on
the model of PGP with the web of trust for smart phones based on Symbian OS.
As far as the mobile users or even VoIP users are concerned, one user
would have a very small group of users to communicate with. The key management
for a closed user group is always possible.
Instead of authentication and confidentiality between two SIP servers, if
it can be extended to end-to-end VoIP devices, then it will be an ideal
solution. Even though there are certain drawbacks and restrictions for such
an implementation, they can be overcome by the web of trust concept.
with regards
Dr. Manickam
On 11/25/05, Simon Horne <s.horne at isvo.net> wrote:
>
>
> Dan,
>
> sip identity I think is quite different to DKIM. In sip identity you are
> authenticating both UA's using the SIP servers. The DKIM is just
> authenticating the sending server and not the actual sender (or caller). To
> include a SIP server signature in the invite message is quite simple, the
> calling UA is already authenticated with the sip server, then all that is
> required is the receiving server to authenticate the sending server. Since
> the person being called is already authenticated with the receiving SIP
> server then you have common trust.
>
> I notice this also covers end user end-to-end authentication however....
> From draft-ietf-sip-identity-06.txt
> ....
> To maximize end-to-end security, it is obviously preferable for end users
> to acquire their own certificates and corresponding private keys; if they
> do, they can act as an authentication service. However, end-user
> certificates may be neither practical nor affordable, given the
> difficulties of establishing a PKI that extends to end users....
> ...Accordingly, in the initial use of this mechanism, it is likely that
> intermediaries will instantiate the authentication service role....
>
> Ideally. This is what we're trying to port to SIP, the UA's act as their
> own authentication service. :(
>
> Also I noticed that it may take 6 messages to authenticate both parties and
> then on top of that you may have to download 2 certificates. If parties are
> a distance apart (say 150ms delay) then it may be in excess of 1.5 sec just
> to authenticate each other, is that acceptable?
>
>
> Simon
>
> At 08:51 AM 25/11/2005, Dan Wing wrote:
> >draft-ietf-sip-identity-06.txt is arguably similar to DKIM, and applies to
> >SIP.
> >
> >I believe it has been approved by the IESG and is in the RFC Editor's queue
> >(which means it'll soon be an RFC).
> >
> >-d
> >
> >
> > > -----Original Message-----
> > > From: Voipsec-bounces at voipsa.org
> > > [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Simon Horne
> > > Sent: Thursday, November 24, 2005 12:22 AM
> > > To: voipsec at voipsa.org
> > > Subject: [VOIPSEC] DKIM Domain Key Identified Mail
> > >
> > >
> > > Came across this draft to the IETF being used to authenticate email and
> > > prevent spoofing.
> > >
> > > http://bgp.potaroo.net/ietf/idref/draft-allman-dkim-base/
> > > Interesting idea for a domain server to sign outgoing emails and have the
> > > receiving server validate them with the sender domain's public key
> > > retrieved from DNS.
> > >
> > > It's very lightweight and I wonder whether it would be applicable to use
> > > between SIP servers,
> > > i.e. the server signs the invite message and the receiver validates the
> > > signature before routing the message.
> > >
> > > I don't think storing in DNS and retrieving as required is a good idea for
> > > real time communication however having a central repository might be an
> > > idea which the SIP servers can put down every day or so. This will save a
> > > lot of work compared to each server maintaining a large ACL
> > >
> > >
> > > Simon
> > >
> > >
> > > _______________________________________________
> > > Voipsec mailing list
> > > Voipsec at voipsa.org
> > > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> *************************************************************
> Simon Horne
> Director
> International Secure Virtual Offices (Asia) Pte Ltd
> 1 Liang Seah St Virteos H323COMtools
> #04-24 Liang Seah St
> Singapore 189022 Timezone (+8 GMT)
> http://www.isvo.net Ph: +65 6837 3326
>
> ************************************************************
>
>
>
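
The server-to-server idea from the oldest quoted message (the sending server signs the INVITE, the receiving server validates the signature before routing, using a key list it has downloaded in advance), sketched as an added example that is not part of the original thread. Assumptions: the `x-server-signature` header, its `d=`/`b=` layout, the set of signed headers, the use of Ed25519 and the `keyCache` map are all hypothetical, and this is not the mechanism defined in draft-ietf-sip-identity-06.

```javascript
const crypto = require('node:crypto');
// Hypothetical header name (SIP header names are case-insensitive).
const SIG = 'x-server-signature';
const SIGNED = ['from', 'to', 'call-id', 'cseq', 'date'];

// Split a SIP message into a lower-cased header map and the body.
function parse(msg) {
  const cut = msg.indexOf('\r\n\r\n');
  const headers = new Map();
  for (const line of msg.slice(0, cut).split('\r\n').slice(1)) {
    const i = line.indexOf(':');
    headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return { headers, body: msg.slice(cut + 4) };
}

// Bytes covered by the signature: selected headers plus a hash of the body.
function signedBytes({ headers, body }) {
  const bh = crypto.createHash('sha256').update(body).digest('base64');
  const lines = SIGNED.map((h) => `${h}:${headers.get(h) || ''}`);
  return Buffer.from([...lines, `bh:${bh}`].join('\r\n'));
}

// Sending server: sign, then insert the signature header after the request line.
function signInvite(msg, domain, privateKey) {
  const b = crypto.sign(null, signedBytes(parse(msg)), privateKey).toString('base64');
  return msg.replace('\r\n', () => `\r\n${SIG}: d=${domain}; b=${b}\r\n`);
}

// Receiving server: check against its locally cached key list before routing.
function verifyInvite(msg, keyCache) {
  const parsed = parse(msg);
  const m = /^d=([^;]+); b=(.+)$/.exec(parsed.headers.get(SIG) || '');
  if (!m) return 'unsigned';
  const from = /@([^>;\s]+)/.exec(parsed.headers.get('from') || '');
  if (!from || from[1].toLowerCase() !== m[1].toLowerCase()) return 'domain-mismatch';
  const key = keyCache.get(m[1].toLowerCase());
  if (!key) return 'unknown-domain';
  const ok = crypto.verify(null, signedBytes(parsed), key, Buffer.from(m[2], 'base64'));
  return ok ? 'ok' : 'bad-signature';
}

// Constructed sample key pair, key cache and INVITE (not captured traffic).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const keyCache = new Map([['atlanta.example', publicKey]]);
const INVITE = ['INVITE sip:bob@biloxi.example SIP/2.0',
  'From: <sip:alice@atlanta.example>;tag=1928', 'To: <sip:bob@biloxi.example>',
  'Call-ID: a84b4c76e66710', 'CSeq: 314159 INVITE',
  'Date: Thu, 24 Nov 2005 08:22:00 GMT', '', 'v=0\r\n'].join('\r\n');
const signed = signInvite(INVITE, 'atlanta.example', privateKey);
```

As in DKIM, a valid result only shows that the sending domain's server vouched for the message, not which user placed the call. The signature covers `Date`, but nothing here rejects stale or replayed messages, so a receiver would also need a freshness check.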