[VOIPSEC] Identity Management and VoIP and More

ZhaoL hi2005 at gmail.com
Thu Apr 20 06:39:52 PDT 2006

I do agree to your points. Human identity and authentication is at a higher
level than equipment/OS identity and authentication. But they both serve us
well for different purpose. Current PSTN phones use physical equipment
(line) authentication, while our today's IM/VoIP systems use
password/personalality recognition. At IMS time, both equipment and  person
authentication  would be used at the same time for different services.

On 4/19/06, Leslie Asamoa-Krodua <leslie at asamoa.fi> wrote:
> Hello All,
> I recently completed a major study on VoIP security initiated to
> understand the impact of this means within this enterprise. The
> bottom line is that VoIP although ACL'd still lacks the necessary
> control and tracking because its so easy to impersonate in the
> virtual world.
> I then started wondering what eminent, real world, solutions may save
> this great technology like it saved our society. I then started
> dwelling on passports and driving licenses. In all forms of the
> Internet, and maybe this is because of its simplicity or the
> intention of simplifying this technology (Internet) that such
> mechanisms of control have been avoided.
> RATHER, the Internet is rigged with passwords and user names; and
> then I thought, well if that is the case; and IF simplicity is what I
> am really gunning for, would I love to log into my car before I go to
> work?
> Would I like to provide my user name and password before I purchase
> an item from a store?
> Its obvious isn't it? Well then why does this requirement fall on us
> within the Internet? Because I would rather, and I imagine it to be
> so, shortly, not have to log into a PC to use an application. I would
> expect that the PC was like a Kiosk and I could access whatever
> application IN a PERSONALISED way.
> This drew my to thinking how the talk of MIKEY for VoIP sounds like a
> solution I would propose. But this problem is not limited to VoIP
> only, its everywhere and security issues are hard to resolve because
> we do not know who started it! And so we cannot ask the WHY and HOW.
> Well I want to be able to. And so going from Smart cards to
> Certificates embedded into 'wallets' or credit cards or house keys, I
> would like to find a way to deal with this. And enable a kiosking
> mode where personalisation and identity are managed in a different
> way. and in parallel bring that implementation to the handset or soft
> client.
> If VoIP could do anything for 911, it should be able to tell the
> emergency services who you are and not just where you are.
> Leslie Asamoa-Krodua
> Asamoa Oy
> http://dev.asamoa.fi
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

ZHAO, Liang (Richard)
Mobile: 86-13911532790
Office: 8610-58216804
Email: hi2005 at gmail.com
Blog: http://hi2005.wordpress.com

More information about the Voipsec mailing list