nanog mailing list archives
Re: Vonage complains about VoIP-blocking
From: Sean Donelan <sean () donelan com>
Date: Tue, 15 Feb 2005 21:20:56 -0500 (EST)
On Tue, 15 Feb 2005, Steven M. Bellovin wrote:
The really interesting question, to me, is how to let users provision their phones to talk to the operator of their choice. The simplest solution is probably something like a SIM; it would contain the customer subscription data and the operator's CA certificate. Switching providers would be as simple as switching SIMs. (Of course, that assumes that this time we can avoid SIM-locking nonsense....)
Like a SIM card, you want to give the authentication information to the user in a form the user can't access themselves. Yes, Virginia the user really is the weakest link. If the user has access to it, in the real world it seems like lots of other people can get access to it. Usernames and N (pick any value for N, it doesn't matter) character static passwords, blech. So how does the user's choice of service provider securely deliver the authentication information to the user's choice of device, without knowing anything about the user or device ahead of time. Physical hardware (i.e. a SIM card) works, and we know the physics involved with its security. But its darn expensive, and people don't like waiting for the mail to deliver it. Most online methods rely on a pseudo-out-of-band authentication method, which usually turns into a version of static password. It should be easy, but it quickly turns into a hard problem to solve.
Current thread:
- RE: Vonage complains about VoIP-blocking, (continued)
- RE: Vonage complains about VoIP-blocking Nathan Allen Stratton (Feb 15)
- RE: Vonage complains about VoIP-blocking Michael Hallgren (Feb 15)
- Re: Vonage complains about VoIP-blocking Chris Parker (Feb 15)
- Re[2]: Vonage complains about VoIP-blocking C. Hagel (Feb 16)
- Re: Re[2]: Vonage complains about VoIP-blocking Stephen Sprunk (Feb 16)
- RE: Vonage complains about VoIP-blocking Nathan Allen Stratton (Feb 15)
- Re: Vonage complains about VoIP-blocking Stephen Sprunk (Feb 15)
- RE: Vonage complains about VoIP-blocking Sean Donelan (Feb 15)
- Re: Vonage complains about VoIP-blocking Steven M. Bellovin (Feb 15)
- Re: Vonage complains about VoIP-blocking Sean Donelan (Feb 15)
- RE: bad Vonage connection, was Vonage complains about VoIP-blocking John R Levine (Feb 15)
- RE: bad Vonage connection, was Vonage complains about VoIP-blocking Daniel Senie (Feb 16)
- Re: bad Vonage connection, was Vonage complains about VoIP-blocking John Levine (Feb 16)
- RE: bad Vonage connection, Jeffrey Race (Feb 16)
- Re: bad Vonage connection, John Levine (Feb 17)