Re: [Geopriv] Geopriv for emergency calls

From: Henning Schulzrinne <hgs@cs.columbia.edu>
Date: Tue Nov 18 2003 - 09:24:16 EST

> you argue that this message communication is not end-to-end. why do you
> think that end-to-end security is then problematic?
>
> i assume you would like to avoid asymmetric cryptographic algorithms.
>
> does the originating terminal (sip phone) know which entity is going to
> perform cryptographic verification?
>

No - that's the whole point (unless you assume that all emergency call
centers share the same private/public key pair, which is clearly not a
good idea). You address the message to an abstract entity, but the
recipient may, depending on your location, be any of thousands of
emergency call centers, all operated by different governmental entities.

Redirection can solve some of these problems, but it does add
significant delay if you have to traverse the wireless channel several
times and transmit a large (signed) object across it or have to set up
an on-demand TLS connection with the multiple round-trip times that
requires.

(Redirection = contact locally trusted proxy that then tells you the
identity and public key of the ECC, so that you can send e2e encrypted
material. This assumes that there is a directory of such ECCs that is
being made available to the public. This, unfortunately, may or may not
happen; I'm working within NENA to convince people that they should, but
calling this an uphill struggle is an understatement.)

> is it sufficient to protect the location object to the first entity (e.g.,
> first sip proxy) only? is there a strong trust relationship between the
> entities in the network which need to inspect location information for the
> purpose of routing the call?

Depends on what you define by trust. You pretty much have to trust your
outbound proxy, as it can probably just refuse to open the firewall for
you and it needs to be able to inspect the destination address. It knows
your network attachment point, so it probably has a good idea about your
location in any event.

The outbound proxy will then likely contact some kind of proxy or
redirect server that has knowledge of the geo-to-ECC mapping. While no
such entities exist today in the IP arena, it seems reasonable to assume
that they will be operated by either a government agency or a delegate
(some private company or not-for-profit operating the service on a
contract basis). In the PSTN, the model is similar, with the 'selective
router' filling that role, operated typically by the ILEC in the US, on
a PUC-regulated basis.

> this sounds very useful for me. in order to protect the location object
> against eavesdroppers it has to be encrypted.
> this needs to be considered.

Presumably channel security such as TLS can satisfy this need.

>
> i think that it might be difficult to mandate s/mime protection everywhere
> particularly since you might already protect sip signaling (or other using
> protocols) already. considering this issue in light of the using protocol
> might be useful.
>

Received on Tue Nov 18 09:25:21 2003
