[VOIPSEC] An issue of trust?

Strand, David P (Dave) strandd at lucent.com
Tue Jun 20 11:50:34 CDT 2006


Accept the fact that there always will be the need for terminology at
multiple levels, and, as we drill down further, the issues and methods
of addressing them differ significantly.  Another example of this lies
in the management domain, where "configuration management" broadly refers
to activities associated with modification of semi-permanent data within
network elements.  The first subdivision is what can be termed "engineering"
and "subscriber" CM, each of which has significantly different considerations.
Bottom line, the generic term CM is useful at one level, while a more
pinpointed term is needed at more detailed levels.

I like Stu's definitions to distinguish between the two fundamental types
of authentication - peer-entity and data origin.  I'd suggest using those,
at least on an informal basis, if one doesn't wish to attempt to put the
industry stamp of approval on them via a (lengthy) standards process.

dps

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Geoff Devine
Sent: Tuesday, June 20, 2006 8:10 AM
To: stuart jacobs
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] An issue of trust?


Right.  But people use "authentication" to mean both things and it is
often difficult to tell by context which one they are talking about.
I've seen this happen fairly frequently on this email reflector.  

We live in an industry where our technical jargon is meant to be very
precise.  It would be useful to have two different terms.  Does anyone
have any suggestions?

Geoff

-----Original Message-----
From: stuart jacobs [mailto:stu.jacobs at verizon.com] 
Sent: Tuesday, June 20, 2006 10:34 AM
To: Geoff Devine
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] An issue of trust?

Logging in is user or peer-entity authentication

per-packet trust mechanism is data origin authentication

On Jun 20, 2006, at 9:34 AM, Geoff Devine wrote:

> Andy Zmolek writes:
> 	
>> Splitting hairs about authentication vs. encryption
>
> <snip>
>
> I struggle with the terminology.  The way I (mis?)use the term
> authentication, it can mean both:
>
> Logging In: IKE, Kerberos, SIP digest...  I guess this is "session
> authentication"
>
> Per-packet trust mechanism: SHA1, MMH...  I guess this is "packet
> authentication"
>
> From context, it's not always obvious to me which one someone is talking
> about.  Are there better terms to distinguish between these two very
> different chunks of security technology?
>
> Geoff
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
========================================================
Stuart Jacobs, CISM, CISSP
PMTS - Sr. Technologist
Network Security
Verizon Laboratories
40 Sylvan Road
Waltham MA 02451-1128
(781) 466-3076

