ietf-mailsig
[Top] [All Lists]

a draft on messaging, impersonation and identity

2004-10-16 03:24:06


Hello,

Long time listener, first time caller.

Once or twice, it has been mentioned on this list that identity work has
been underway in the SIP WG of the IETF, and that there are some high-level
similarities between that work and the work here. As I was writing up an
overview of the design decisions and trade-offs we perceived in the SIP
identity work over the past couple years, I decided to try to make these
remarks less specific to SIP, and more applicable to Internet messaging
systems that share a certain set of qualities.

The result is the following draft (which you can fetch here until it appears
in the repository, or if you just like HTML versions):

http://www.unreason.com/jfp/ietf/draft-peterson-message-identity-00.html

To be clear, this draft is not a proposal for an identity scheme for email
or indeed any other protocol. Instead, it tries to define the threat of
impersonation and the concept of identity for messaging, delineate some
roles in an identity architecture that meet might that threat, and discuss
the structure and distribution of both identity assertions and the
cryptographic keys which might be used to secure them.

In terms of applicability to this group: while this document does not argue
for any particular proposal, it might provide some useful vocabulary and
architectural concepts, show the trade-offs associated with various design
decisions, and perhaps most importantly show how these design decisions
interrelate. If the analysis seems valid to the group, this document could
be used to classify and compare the various solutions being considered here.
Being a -00 draft, it is undoubtedly not perfect, but perhaps it's a
reasonable start.

Jon Peterson
NeuStar, Inc.


<Prev in Thread] Current Thread [Next in Thread>