[VOIPSEC] An issue of trust?

Simon Horne s.horne at packetizer.com
Tue Jun 20 22:17:42 CDT 2006


At 12:50 AM 21/06/2006, you wrote:
>I like Stu's definitions to distinguish between the two fundamental types
>of authentication - peer-entity and data origin.  I'd suggest using those,
>at least on an informal basis, if one doesn't wish to attempt to put the
>industry stamp of approval on them via a (lengthy) standards process.

I think you can define data origin authentication much like the classic CAL 
with a message's socket source address checking against a list of approved 
IP addresses. Peer-entity is much more in the line of the remote entity 
supplying something (username, password, PKI) for the purpose of 
authentication.

In OpenH323 I just called peer-entity authentication "Caller 
Authentication" when I wrote the stuff in but having a common agreed term 
does make sense and save a lot of possible confusion.

Simon


>dps
>
>-----Original Message-----
>From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]On
>Behalf Of Geoff Devine
>Sent: Tuesday, June 20, 2006 8:10 AM
>To: stuart jacobs
>Cc: Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] An issue of trust?
>
>
>Right.  But people use "authentication" to mean both things and it is
>often difficult to tell by context which one they are talking about.
>I've seen this happen fairly frequently on this email reflector.
>
>We live in an industry where our technical jargon is meant to be very
>precise.  It would be useful to have two different terms.  Does anyone
>have any suggestions?
>
>Geoff
>
>-----Original Message-----
>From: stuart jacobs [mailto:stu.jacobs at verizon.com]
>Sent: Tuesday, June 20, 2006 10:34 AM
>To: Geoff Devine
>Cc: Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] An issue of trust?
>
>Logging in is user or peer-entity authentication
>
>per-packet trust mechanism is data origin authentication
>
>On Jun 20, 2006, at 9:34 AM, Geoff Devine wrote:
>
> > Andy Zmolek writes:
> >
> >> Splitting hairs about authentication vs. encryption
> >
> > <snip>
> >
> > I struggle with the terminology.  The way I (mis?)use the term
> > authentication, it can mean both:
> >
> > Logging In: IKE, Kerberos, SIP digest...  I guess this is "session
> > authentication"
> >
> > Per-packet trust mechanism: SHA1, MMH...  I guess this is "packet
> > authentication"
> >
> > > From context, it's not always obvious to me which one someone is
> > > talking about.  Are there better terms to distinguish between these
> > > two very different chunks of security technology?
> >
> > Geoff
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
> >
>========================================================
>Stuart Jacobs, CISM, CISSP
>PMTS - Sr. Technologist
>Network Security
>Verizon Laboratories
>40 Sylvan Road
>Waltham MA 02451-1128
>(781) 466-3076
>
>
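
Added example, not part of the original thread and not OpenH323 code: a Python sketch of the two terms as Stuart Jacobs defines them above, with peer-entity authentication done once at login and data origin authentication done on every packet. HMAC-SHA256, the session key derivation, the packet layout and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-demo-password"  # constructed sample credential
TAG_LEN = 32                                   # HMAC-SHA256 output size

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def login_response(secret, challenge):
    """Peer-entity authentication: prove knowledge of the secret once, at login."""
    return _mac(secret, b"login" + challenge)

def verify_login(secret, challenge, response):
    return hmac.compare_digest(login_response(secret, challenge), response)

def session_key(secret, challenge):
    """Assumed derivation: bind the per-packet key to this particular login."""
    return _mac(secret, b"session" + challenge)

def protect(key, seq, payload):
    """Data origin authentication: tag sequence number + payload of each packet."""
    header = seq.to_bytes(4, "big")
    return header + payload + _mac(key, header + payload)

def accept(key, packet, last_seq):
    """Return (seq, payload) if the tag verifies and seq is fresh, else None."""
    if len(packet) < 4 + TAG_LEN:
        return None
    header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    seq = int.from_bytes(header, "big")
    if not hmac.compare_digest(_mac(key, header + payload), tag):
        return None                      # origin not proven for this packet
    if seq <= last_seq:
        return None                      # replay of an earlier valid packet
    return seq, payload

def demo():
    challenge = os.urandom(16)           # verifier's nonce for the login step
    logged_in = verify_login(SHARED_SECRET, challenge,
                             login_response(SHARED_SECRET, challenge))
    key = session_key(SHARED_SECRET, challenge)
    good = protect(key, 1, b"media frame 1")
    # Constructed packet from a party that never logged in: no valid tag.
    forged = (2).to_bytes(4, "big") + b"injected frame" + bytes(TAG_LEN)
    return logged_in, accept(key, good, 0), accept(key, forged, 1), accept(key, good, 1)

if __name__ == "__main__":
    print(demo())
```

The successful login says nothing about the forged packet; only the per-packet tag check rejects it, which is why the two mechanisms need separate names.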





