draft-rescorla-fallback-01

Slides:



Advertisements
Similar presentations
Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.
Advertisements

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Origins of ECRIT IETF has been working on location since 2000 –Spatial BoF, eventually GEOPRIV chartered in 2001 GEOPRIV provides location information.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University.
Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.
Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.
-framework Brian Rosen. -11 version deals with IESG comments All comment resolved one way or another One open issue – spec(t)
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.
STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.
IETF – ECRIT Emergency Context Resolution using Internet Technologies ESW 5 – Vienna October 2008 Marc Linsner.
Credentials Roadmap STIR WG IETF 90 (Toronto) Sean Turner
Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon.
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.
Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,
1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.
STIR In-Band Signature Transport draft-kaplan-stir-ikes-out-00 Hadriel Kaplan.
SIP Extensions for Network-Asserted Caller Identity and Privacy within Trusted Networks Flemming Andreasen W. Marshall, K. K. Ramakrishnan,
SIP-H.323 Interworking Group RRR-1 IETF-48 SIP-H.323 Interworking Requirements draft-agrawal-sip-h323-interworking-reqs-00.txt Hemant.
Name that User John Elwell Cullen Jennings Venkatesh Venkataramanan
Call Completion using BFCP draft-roach-sipping-callcomp-bfcp IETF 67 – San Diego November 7, 2006.
SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-00) IETF 87, November 4, 2013 Authors: Michael Yan, Paul Kyzivat, Simon Romano.
SIP wg Items Jonathan Rosenberg dynamicsoft Caller Preferences: Changes Discussion of Redirects –Previous draft only proxy –Nothing different for redirect.
1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.
SIP connection tracking
Jim McEachern Senior Technology Consultant ATIS July 8, 2015.
Paul E. Jones Cisco Systems, Inc.
Timeline – Standards & Requirements
Outline The basic authentication problem
Telephone Related Queries (TeRQ)
Emergency Call Support
TN Proof-of-Possession and Number Portability
Encryption and Network Security
STIR WG / IETF 94 Yokohama, Nov 2015 Jon
Timeline - ATIS Involvement
TeRI and the MODERN Framework
ECRIT Interim: SIP Location Conveyance
STIR WG / IETF 97 Seoul, Nov 2016 Jon
Discussions on FILS Authentication
Session Initiation Protocol (SIP)
MLEF Without Capacity Admission Does Not Satisfy MLPP Requirements
Chris Wendt, David Hancock (Comcast)
Timeline - ATIS Involvement
START The way we trust is changing Presentation for Thursday at IAAO
Verstat Related Best Practices
RFC PASSporT Construction 6.2 Verifier Behavior
IP-NNI Task Force – Phase 2
RFC PASSporT Construction 6.2 Verifier Behavior
RFC PASSporT Construction 6.2 Verifier Behavior
Doug Bellows – Inteliquent 10/4/2018
IETF 101 (London) STIR WG Mar2018
Use of Ethernet Control Word RECOMMENDED
David Noveck IETF99 at Prague July 20, 2017
Topic 5: Communication and the Internet
RFC Verifier Behavior Step 4: Check the Freshness of Date
DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.
An MPLS-Based Forwarding Plane for Service Function Chaining
Shared Infrastructure
STIR Certificate delegation
TDR authentication requirements
STIR / SHAKEN for 911 use of SHAKEN 8/7/2019
Relay User Machine (rum)
draft-ietf-stir-oob-02 Out of Band
IETF 103 (กรุงเทพฯ) STIR WG Nov 2018
IETF 102 (Montreal) STIR WG Jul 2018
Presentation transcript:

draft-rescorla-fallback-01 STIR WG Seoul Nov 2016

Thread Necromancy Been a long time… Charter: “the in-band mechanism must be sent to the IESG for approval and publication prior to the out-of-band mechanism.” Voila (that’s rfc4474bis) We’ve been very busy with the in-band work However, tried to make sure we didn’t close any doors on out-of-band Use certificates in common, say We do have an out-of-band charter milestone even Though we missed the date by a little

Do we still need it? Fixing end-to-end IP-IP is not enough Which original RFC4474 assumptions failed? SIP deployments mostly involve PSTN interworking Thus still largely concerned with telephone numbers Some IP-IP, but much IP-PSTN, PSTN-IP-PSTN, even PSTN-IP Much problematic robocalling uses IP-PSTN We also see IP-PSTN-IP When a gateway has no IP route and drops to the PSTN, which eventually routes back to IP Fixing end-to-end IP-IP is not enough

Limits of in-band RFC4474bis It’s in-band – end-to-end IP-IP At best, it addresses the SIP-to-SIP use case Not going to help with SIP-to-PSTN, PSTN-to-PSTN We did in-band first because existing deployments need it Like the IPNNI, now the SHAKEN profile Some IP-IP deployments may not pass Identity e2e Difficult to anticipate what will survive administrative boundaries PAI-based deployments should leak across trust boundaries And some existing deployments might just block Identity As they block all new headers; especially B2BUAs

PASSporT and out-of-band PASSporT bridges the gap between in-band and out-of-band An object format that could be carried by SIP, or another protocol Some interest in adapting to Jingle (XMPP) Potentially in WebRTC as well PASSporT could also be stored for retrieval at a service Out-of-band here refers to architectures where that happens somewhere along the signaling path Depends on Internet enabled endpoints and/or gateways

Some use cases

Basic STIR Out of Band CPS Call Placement Service Store PASSporT Retrieve PASSporT PSTN Smart Phone Smart Phone POTS Call Smart Phones are not just mobile phones, and not just end-user devices

Obvious Questions Okay, how does the originating side know where to find a CPS? How do we make sure the terminating side comes to exactly the same conclusion? Need a service discovery mechanism A few initial ideas in the draft now And how do we manage the risk that someone other than the called party will fetch it? Significant privacy concerns These are the things its time to work on

Components of an OOB solution A service for storing and retrieving PASSporT objects Or a “Call Placement Service”, CPS A discovery mechanism for the CPS Needed both for storing and retrieving This creates a rendez-vous function, effectively Smart phones (not necessarily mobile) Internet enabled: could be an IP PBX or whatever A robust story about privacy

Another Case: IP-PSTN Gateways CPS Store PASSporT Retrieve PASSporT PSTN SIP/STIR GW SIP UA Smart Phone POTS Call

… and its many cousins We can show a parallel flow for PSTN-IP Again, where the PSTN endpoint is a smart phone that creates a PASSporT Or even some local agent does it on behalf of the endpoint These use cases can look a lot like tunneling We can’t count on SS7 to carry a PASSporT Could carry an indication that the original call was signed… but cryptographic assurance is superior Some use cases where in-band and out-of-band are other used Out-of-band beomes the “fallback”

IP-PSTN-IP even? Sure! CPS Store PASSporT Retrieve PASSporT PSTN SIP/STIR SIP/STIR GW GW SIP UA SIP UA POTS Call

Well, let’s not get carried away How do we know a GW is authorized to store it? Should a GW need a pre-association with the CPS? Most likely, the authority to store is really invested in the PASSporT itself Multiple entities may be authorized to sign for the same “orig” in PASSporT And how do we know a GW is authorized to retrieve it? Same questions, really Can’t predict where calls will land, so hard to encrypt for the target But good CPS design could help…

CPS Design Questions Store PASSporTs under the originating or terminating identity? What is the key of the lookup? Currently: terminating side queries for the originating number Or store under something hashed instead? Hash of originating TN and terminating TN Still, possible for an adversary to compute all values offline Maybe add timestamp of some kind? Expensive hash? Also, implement polling prevention for single targets

Next Steps Already on the charter, targeting WG item adoption Though not just this second Given RFC4474bis/PASSporT/certs pass the IESG Maybe have some virtual interim early next year to discuss further Appreciate comments/thoughts Crucial to have a good PSTN story for STIR I think something along these lines could help

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.