[VOIPSEC] An issue of trust?

Andre Fucs de Miranda afucs-listas at mandicmail.com
Tue Jun 20 13:00:20 CDT 2006


David,

Those terms have been in use for a few years. Take a look on Lucent's intranet
for the ITU-T recommendations E.408 and X.800 (trust me) and if I'm not
mistaken you can get the ETR 336 from the ETSI website. The security services
may differ in each document but they are basically the same.

Using the ETR 336 lists we have:

* User authentication
* Peer authentication
* Data origin authentication
* Access controls
* Integrity
* Security alarm, audit trail and recovery
* Confidentiality
* Non-repudiation of origin
* Non-repudiation of delivery

The E.408 list is:

* User authentication
* Peer authentication
* Data origin authentication
* Management association access control
* Management notification access control
* Managed resource access control
* Security alarm, audit trail and recovery
* Selective field integrity
* Connection integrity with recovery
* Connection integrity without recovery
* Selective field confidentiality
* Connection/Connectionless confidentiality
* Traffic flow confidentiality
* Non-repudiation - proof of sending
* Non-repudiation - proof of delivery.

BTW, I personally like ITU's E.408. It provides a very flexible security
framework for telephony (IP, ISDN, PSTN, etc). Sadly I think I'm the only one
to think that. :-\ I posted an "article" (kind of superficial but...) on the
website below.

Best regards,

--
Andre Fucs, CISSP
http://www.fucs.org/

---- Original Message ----
From: "Strand, David P (Dave)"
To: "'Geoff Devine'" , "stuart jacobs"
Sent: Tue, June 20, 2006 1:50 pm
Subject: Re: [VOIPSEC] An issue of trust?
> Accept the fact that there always will be the need for terminology at
> multiple levels, and, as we drill down further, the issues and methods
> of addressing them differ significantly.  Another example of this lies
> in the management domain, where "configuration management" broadly refers
> to activities associated with modification of semi-permanent data within
> network elements.  The first subdivision is what can be termed "engineering"
> and "subscriber" CM, each of which has significantly different
> considerations.
> Bottom line, the generic term CM is useful at one level, while a more
> pinpointed term is needed at more detailed levels.
>
> I like Stu's definitions to distinguish between the two fundamental types
> of authentication - peer-entity and data origin.  I'd suggest using those,
> at least on an informal basis, if one doesn't wish to attempt to put the
> industry stamp of approval on them via a (lengthy) standards process.
>
> dps
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]On
> Behalf Of Geoff Devine
> Sent: Tuesday, June 20, 2006 8:10 AM
> To: stuart jacobs
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] An issue of trust?
>
>
> Right.  But people use "authentication" to mean both things and it is
> often difficult to tell by context which one they are talking about.
> I've seen this happen fairly frequently on this email reflector.
>
> We live in an industry where our technical jargon is meant to be very
> precise.  It would be useful to have two different terms.  Does anyone
> have any suggestions?
>
> Geoff
>
> -----Original Message-----
> From: stuart jacobs [mailto:stu.jacobs at verizon.com]
> Sent: Tuesday, June 20, 2006 10:34 AM
> To: Geoff Devine
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] An issue of trust?
>
> Logging in is user or peer-entity authentication
>
> per-packet trust mechanism is data origin authentication
>
> On Jun 20, 2006, at 9:34 AM, Geoff Devine wrote:
>
>> Andy Zmolek writes:
>>
>>> Splitting hairs about authentication vs. encryption
>>
>>
>>
>> I struggle with the terminology.  The way I (mis?)use the term
>> authentication, it can mean both:
>>
>> Logging In: IKE, Kerberos, SIP digest...  I guess this is "session
>> authentication"
>>
>> Per-packet trust mechanism: SHA1, MMH...  I guess this is "packet
>> authentication"
>>
>> From context, it's not always obvious to me which one someone is
>> talking about.  Are there better terms to distinguish between these two
>> very different chunks of security technology?
>>
>> Geoff
>>
>> _______________________________________________
>> Voipsec mailing list
>> Voipsec at voipsa.org
>> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
>>
> ========================================================
> Stuart Jacobs, CISM, CISSP
> PMTS - Sr. Technologist
> Network Security
> Verizon Laboratories
> 40 Sylvan Road
> Waltham MA 02451-1128
> (781) 466-3076
>
>





More information about the Voipsec mailing list
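
The distinction discussed in this thread, as an added example that is not part of any poster's message: peer-entity authentication runs once when the association is set up, while data origin authentication is checked on every packet. The key, the message layout, HMAC-SHA256 and the 10-byte tag are assumptions chosen for the sketch, not taken from E.408, X.800 or ETR 336.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret shared by both ends (assumption for this sketch).
LONG_TERM_KEY = b"constructed-shared-secret"
TAG_LEN = 10  # truncated tag length, chosen for the sketch


def make_challenge() -> bytes:
    """Verifier side: fresh nonce so an old response cannot be replayed."""
    return secrets.token_bytes(16)


def answer_challenge(key: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove knowledge of the key for this nonce only."""
    return hmac.new(key, b"login|" + nonce, hashlib.sha256).digest()


def peer_entity_authenticate(key: bytes, nonce: bytes, response: bytes) -> bool:
    """Peer-entity authentication: one check, at association setup."""
    return hmac.compare_digest(answer_challenge(key, nonce), response)


def derive_session_key(key: bytes, nonce: bytes) -> bytes:
    """Separate per-session key, so packet tags never reuse the login key."""
    return hmac.new(key, b"session|" + nonce, hashlib.sha256).digest()


def protect_packet(session_key: bytes, seq: int, payload: bytes) -> bytes:
    """Data origin authentication: every packet carries its own tag."""
    body = seq.to_bytes(4, "big") + payload
    tag = hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def verify_packet(session_key: bytes, packet: bytes):
    """Return (seq, payload) if the tag verifies, otherwise None."""
    if len(packet) < 4 + TAG_LEN:
        return None  # too short to hold a sequence number and a tag
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None  # modified in transit or sent under a different key
    return int.from_bytes(body[:4], "big"), body[4:]
```

A successful login check says nothing about packets that arrive later, and a valid packet tag only shows the sender holds the session key; rejecting replayed sequence numbers would be a further check on top of this.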