[VOIPSEC] Key Negotiation for SRTP (Ahmar Ghaffar)
Robert Moskowitz
rgm at icsalabs.com
Tue Sep 6 10:57:05 CDT 2005
At 07:50 PM 9/2/2005, Mark Baugher wrote:
>On Aug 31, 2005, at 3:25 PM, Robert Moskowitz wrote:
>...
>>We are starting to see large PKI deployments like CERTIPATH, HEBCA,
>>and SAFE. Then there is ACES. So there are options.
>
>The difference with telephony is that it is any-to-any that is not
>limited to well-defined communities such as in pharmaceuticals,
>defense, government or health care.

Mark, I understand. But a world-wide PKI ain't going to happen until
it is needed.

First off, the four big US PKIs (fPKI, HEPKI, Certipath, SAFE) are
working at cross-certifying their bridges. May take a year to get
there, but a driving app can make it happen sooner. There are EU
efforts as well.

The US banks (via SWIFT? or NACHA?) could be the focus for consumer
PKI. I have seen various threads on this from ABA (Banking, not
Bar). States may get into the business, but there will be privacy
concern pushback, that is why the banks are a better direction here
in the USofA.

>>And if product supported PKI authentication (A USB port on every
>>phone?), those and other PKIs would have a 'killer' application.
>
>I like this idea. In fact, it's possible to provide the same
>functionality through an Ethernet port that we do through a USB - an
>Ethernet dongle might be cheaper than a USB dongle for a simple
>network device like a phone. But how do you see it being used?

I really cannot comment on the Ethernet dongle, but I am already
seeing USB cert dongles being used for SAFE. Either the user is
physically with the RA at signing time, or a fulfillment company (RSA
is already in this game) supplies the dongles and the user does a
'standard' PKCS10 exchange with the RA, using the passphrase supplied
in a separate mailing.

I would like to see this group set out a set of security levels from
none through PKI.

Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
VoIP: 248-291-0713
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit