[VOIPSEC] An issue of trust?
Mark Teicher
mht3 at earthlink.net
Tue Jun 20 13:22:40 CDT 2006
So what products or services offer this type of 'trust' ?
-----Original Message-----
>From: Andre Fucs de Miranda <afucs-listas at mandicmail.com>
>Sent: Jun 20, 2006 2:00 PM
>To: <David P <strandd at lucent.com>@unspecified-domain>
>Cc: voipsec at voipsa.org
>Subject: Re: [VOIPSEC] An issue of trust?
>
>David,
>
>Those terms have been in use for a few years. Take a look at Lucent's intranet
>for the ITU-T recommendations E.408 and X.800 (trust me) and if I'm not
>mistaken you can get the ETR 336 from the ETSI website. The security services
>may differ in each document but they are basically the same.
>
>Using the ETR 336 lists we have:
>
>* User authentication
>* Peer authentication
>* Data origin authentication
>* Access controls
>* integrity
>* security alarm, audit trail and recovery
>* confidentiality
>* non-repudiation of origin
>* non-repudiation of delivery
>
>The E.408 list is:
>
>* User authentication
>* Peer authentication
>* Data origin authentication
>* Management association access control
>* Management notification access control
>* Managed resource access control
>* security alarm, audit trail and recovery
>* Selective field integrity
>* Connection integrity with recovery
>* Connection integrity without recovery
>* Selective field confidentiality
>* Connection/Connectionless confidentiality
>* Traffic flow confidentiality
>* Non-repudiation - proof of sending
>* Non-repudiation - proof of delivery.
>
>BTW, I personally like ITU's E.408. It provides a very flexible security
>framework for telephony (IP, ISDN, PSTN, etc). Sadly I think I'm the only one
>to think that. :-\ I posted an "article" (kind of superficial but...) in the
>website below.
>
>Best regards,
>
>--
>Andre Fucs, CISSP
>http://www.fucs.org/
>
>---- Original Message ----
>From: "Strand, David P (Dave)"
>To: "'Geoff Devine'" , "stuart jacobs"
>Sent: Tue, June 20, 2006 1:50 pm
>Subject: Re: [VOIPSEC] An issue of trust?
>> Accept the fact that there always will be the need for terminology at
>> multiple levels, and, as we drill down further, the issues and methods
>> of addressing them differ significantly. Another example of this lies
>> in the management domain, where "configuration management" broadly refers
>> to activities associated with modification of semi-permanent data within
>> network elements. The first subdivision is what can be termed "engineering"
>> and "subscriber" CM, each of which has significantly different
>> considerations.
>> Bottom line, the generic term CM is useful at one level, while a more
>> pinpointed term is needed at more detailed levels.
>>
>> I like Stu's definitions to distinguish between the two fundamental types
>> of authentication - peer-entity and data origin. I'd suggest using those,
>> at least on an informal basis, if one doesn't wish to attempt to put the
>> industry stamp of approval on them via a (lengthy) standards process.
>>
>> dps
>>
>> -----Original Message-----
>> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]On
>> Behalf Of Geoff Devine
>> Sent: Tuesday, June 20, 2006 8:10 AM
>> To: stuart jacobs
>> Cc: Voipsec at voipsa.org
>> Subject: Re: [VOIPSEC] An issue of trust?
>>
>>
>> Right. But people use "authentication" to mean both things and it is
>> often difficult to tell by context which one they are talking about.
>> I've seen this happen fairly frequently on this email reflector.
>>
>> We live in an industry where our technical jargon is meant to be very
>> precise. It would be useful to have two different terms. Does anyone
>> have any suggestions?
>>
>> Geoff
>>
>> -----Original Message-----
>> From: stuart jacobs [mailto:stu.jacobs at verizon.com]
>> Sent: Tuesday, June 20, 2006 10:34 AM
>> To: Geoff Devine
>> Cc: Voipsec at voipsa.org
>> Subject: Re: [VOIPSEC] An issue of trust?
>>
>> Logging in is user or peer-entity authentication
>>
>> per-packet trust mechanism is data origin authentication
>>
>> On Jun 20, 2006, at 9:34 AM, Geoff Devine wrote:
>>
>>> Andy Zmolek writes:
>>>
>>>> Splitting hairs about authentication vs. encryption
>>>
>>>
>>>
>>> I struggle with the terminology. The way I (mis?)use the term
>>> authentication, it can mean both:
>>>
>>> Logging In: IKE, Kerberos, SIP digest... I guess this is "session
>>> authentication"
>>>
>>> Per-packet trust mechanism: SHA1, MMH... I guess this is "packet
>>> authentication"
>>>
>>> From context, it's not always obvious to me which one someone is talking
>>> about. Are there better terms to distinguish between these two very
>>> different chunks of security technology?
>>>
>>> Geoff
>>>
>>> _______________________________________________
>>> Voipsec mailing list
>>> Voipsec at voipsa.org
>>> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>
>>>
>> ========================================================
>> Stuart Jacobs, CISM, CISSP
>> PMTS - Sr. Technologist
>> Network Security
>> Verizon Laboratories
>> 40 Sylvan Road
>> Waltham MA 02451-1128
>> (781) 466-3076
>>
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
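
Added example, not part of any message in this thread: a Python sketch of the two services the thread distinguishes, peer-entity authentication (a one-time challenge-response login) and data origin authentication (a MAC checked on every packet). The shared secret, function names and packet layout are assumptions made for illustration, and HMAC-SHA-256 stands in for the SHA1/MMH mechanisms named in the thread.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"constructed-demo-secret"  # constructed sample credential (assumption)
TAG_LEN = 10                          # truncated tag length, an assumption

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def login_response(secret, nonce):
    """Peer-entity authentication: prove knowledge of the secret once, at setup."""
    return _mac(secret, b"login" + nonce)

def verify_login(secret, nonce, response):
    return hmac.compare_digest(login_response(secret, nonce), response)

def session_key(secret, nonce):
    """Derive a MAC key bound to this login, so packets are tied to the session."""
    return _mac(secret, b"packet-mac-key" + nonce)

def protect(key, seq, payload):
    """Data origin authentication: tag sequence number + payload on every packet."""
    header = struct.pack("!I", seq)
    return header + payload + _mac(key, header + payload)[:TAG_LEN]

def accept(key, packet, last_seq):
    """Return (seq, payload) if the tag verifies and seq is fresh, else None."""
    if len(packet) < 4 + TAG_LEN:
        return None
    header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(_mac(key, header + payload)[:TAG_LEN], tag):
        return None
    (seq,) = struct.unpack("!I", header)
    return (seq, payload) if seq > last_seq else None

def demo():
    nonce = os.urandom(16)  # server challenge
    logged_in = verify_login(SECRET, nonce, login_response(SECRET, nonce))
    key = session_key(SECRET, nonce)
    good = protect(key, 1, b"voice frame")
    tampered = good[:4] + b"VOICE FRAME" + good[-TAG_LEN:]
    # A successful login says nothing about later packets; each is checked itself.
    return logged_in, accept(key, good, 0), accept(key, tampered, 0), accept(key, good, 1)

if __name__ == "__main__":
    print(demo())
```

The last two results are the modified packet and a replay of the valid one; both are rejected although the session itself logged in successfully.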