[VOIPSEC] Fwd: An issue of trust?

Brian Honan brian.honan at bhconsulting.ie
Fri Jun 16 11:05:41 CDT 2006 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Simon

Very true, but how do I know I can trust the trusted third party?  If
you are located in the US and I am located in Ireland, then who is a
trusted third party?  A commercial organisation?  A government
agency? If so which one?  Would I trust the US government?  Would you
trust the Irish government?  So while the technology may be capable
of managing a trust relationship, we still have to find a way to
independently establish the trust in the first place.

Interestingly when I brought the topic of trust up in a seminar I
gave here in Ireland, I asked people who would they trust to manage
digital certs? The first option offered was the Irish postal service,
not too many were very keen on this as a solution.  The second option
was the Irish government whom no-one wanted to trust with such a
service as they felt there would be a back door.  The final option
was Microsoft who the majority of people said they would trust more
than the previous options.   Interesting to see that a commercial
organisation is more trusted than the other options.

Brian


Brian Honan
BH Consulting
Helping You Piece IT Together
T:   +353-1-4404065
M:   +353-868114066
E:   brian.honan at bhconsulting.ie
W:   www.bhconsulting.ie

Supporting Global Security Week http://www.globalsecurityweek.com

This message is for the named person's use only. If you received this
message in error, please immediately delete it and all copies and
notify the sender. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message if you
are not the intended recipient. Any views expressed in this message
are those of the individual sender and not of BH Consulting.
- -----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]
On Behalf Of Simon Horne
Sent: 16 June 2006 01:50
To: voipsec at voipsa.org
Subject: Re: [VOIPSEC] Fwd: An issue of trust?


Brian

Actually, end to end trusted identity is very possible in H.323.
H.235.2 is the applicable standard . You can embedded digital
identity information ie
X.509 cert from a trusted third party into the call setup message
(equivalent to the INVITE in SIP). The caller inserts the signed
certificate when placing the call and the remote party verifies it
before accepting the call.


Simon

At 05:25 AM 16/06/2006, you wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Not wanting to bring the thread totally off topic, but isn't trusted 
>identity the key issue in any secure transaction/relationship?  And as 
>of yet we still have not found a way to do this via computers yet.
>  As someone pointed out to me, once we are born and the umbilical cord 
>is cut we depend on third parties to verify who we are.
>
>
>Brian Honan
>BH Consulting
>Helping You Piece IT Together
>T:   +353-1-4404065
>M:   +353-868114066
>E:   brian.honan at bhconsulting.ie
>W:   www.bhconsulting.ie
>
>Supporting Global Security Week http://www.globalsecurityweek.com
>
>This message is for the named person's use only. If you received this 
>message in error, please immediately delete it and all copies and 
>notify the sender. You must not, directly or indirectly, use, disclose, 
>distribute, print, or copy any part of this message if you are not the 
>intended recipient. Any views expressed in this message are those of 
>the individual sender and not of BH Consulting.
>- -----Original Message-----
>From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]
>On Behalf Of Michael Slavitch
>Sent: 15 June 2006 22:10
>To: Voipsec at voipsa.org
>Subject: [VOIPSEC] Fwd: An issue of trust?
>
>There is one problem. They don't offer end-to-end trusted identity.
>It is not a networking issue.
>
>On 6/15/06, Smith, Donald < Donald.Smith at qwest.com> wrote:
> >
> > Most ISPs will provide anything your willing to pay for.
> > Nearly every ISPs offers performance and uptime SLA's some offer 
> > DDOS  SLA's.
> > Some offer various Managed Security products (firewalls, IDS, VPN
> > ...)  with SLAs.
> >
> >
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.1
>
>iQA/AwUBRJHQP4u28IDxtc99EQJqYwCdG20Hm+ocHeuZlexeDP/MQo3F79oAnAr1
>2yBVlXGbruYN+15cpHM6y9gr
>=PI4m
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRJJeM4u28IDxtc99EQKLygCgqIYrPQvSUAKB26LoETkARN9+l5wAoLqA
P8MOOg+zQkFPkWcdLqG0fuV4
=c65H
-----END PGP SIGNATURE-----

More information about the Voipsec mailing list