-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Stephen Sprunk Sent: Tuesday, February 15, 2005 6:08 PM To: Bruce Campbell Cc: North American Noise and Off-topic Gripes Subject: Re: Vonage complains about VoIP-blocking
Introducing new devices that are intended to trust that big, bad, easily spoofable internet using non-secured protocols such as tftp in order to get their configuration from a non-local server shows a degree of trust not seen since the Famous Five, the BabySitters Club and
Thus spake Bruce Campbell" <bc-nanog@vicious.dropbear.id.au> pre '96 O'Reilly
books on writing internet protocols.
Unfortunately, TFTP is the only protocol that many phone vendors implement -- and VoIP operators aren't happy about it. Some vendors have started implementing HTTP(S), but it's far from common at this point.
Wouldn't there be a fee to utilize https? -M<
Thus spake "Hannigan, Martin" <hannigan@verisign.com>
Unfortunately, TFTP is the only protocol that many phone vendors implement -- and VoIP operators aren't happy about it. Some vendors have started implementing HTTP(S), but it's far from common at this point.
Wouldn't there be a fee to utilize https?
One needs an SSL certificate, but the operator may already have one. If not, or they don't want to reuse an existing server, they can either get one for a fee or maybe use a self-signed certificate. S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Unfortunately, TFTP is the only protocol that many phone vendors implement -- and VoIP operators aren't happy about it. Some vendors have started implementing HTTP(S), but it's far from common at this point.
Wouldn't there be a fee to utilize https?
Only if you like giving $995 to Verisign for fancy SSL certificates. Most https phones can use locally issued X.509 certificates for the download. Some use a manufacturer issued root certificates if you want to get fancy and use code signing, etc. Not the same problem as Microsoft Internet Explorer trusting every root certificate in its cache. IP phones usually have a very short certificate trust list in the phone.
In message <Pine.GSO.4.58.0502152015130.16931@clifden.donelan.com>, Sean Donela n writes:
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Unfortunately, TFTP is the only protocol that many phone vendors implement -- and VoIP operators aren't happy about it. Some vendors have started implementing HTTP(S), but it's far from common at this point.
Wouldn't there be a fee to utilize https?
Only if you like giving $995 to Verisign for fancy SSL certificates.
Most https phones can use locally issued X.509 certificates for the download. Some use a manufacturer issued root certificates if you want to get fancy and use code signing, etc.
Not the same problem as Microsoft Internet Explorer trusting every root certificate in its cache. IP phones usually have a very short certificate trust list in the phone.
Precisely. You not only don't need a Verisign cert for this, you don't want one. The phone should trust the authorized operator, which bears no relationship to an identity that Verisign (or whomever) attests to. The really interesting question, to me, is how to let users provision their phones to talk to the operator of their choice. The simplest solution is probably something like a SIM; it would contain the customer subscription data and the operator's CA certificate. Switching providers would be as simple as switching SIMs. (Of course, that assumes that this time we can avoid SIM-locking nonsense....) --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
On Tue, 15 Feb 2005, Steven M. Bellovin wrote:
The really interesting question, to me, is how to let users provision their phones to talk to the operator of their choice. The simplest solution is probably something like a SIM; it would contain the customer subscription data and the operator's CA certificate. Switching providers would be as simple as switching SIMs. (Of course, that assumes that this time we can avoid SIM-locking nonsense....)
Like a SIM card, you want to give the authentication information to the user in a form the user can't access themselves. Yes, Virginia the user really is the weakest link. If the user has access to it, in the real world it seems like lots of other people can get access to it. Usernames and N (pick any value for N, it doesn't matter) character static passwords, blech. So how does the user's choice of service provider securely deliver the authentication information to the user's choice of device, without knowing anything about the user or device ahead of time. Physical hardware (i.e. a SIM card) works, and we know the physics involved with its security. But its darn expensive, and people don't like waiting for the mail to deliver it. Most online methods rely on a pseudo-out-of-band authentication method, which usually turns into a version of static password. It should be easy, but it quickly turns into a hard problem to solve.
participants (5)
-
Hannigan, Martin -
Nathan Allen Stratton -
Sean Donelan -
Stephen Sprunk -
Steven M. Bellovin