SIP Identity issues John Elwell, Jonathan Rosenberg et alia

Slides:

Advertisements

Similar presentations

MARTINI WG Interim draft-ietf-martini-reqs-04 John Elwell Hadriel Kaplan (editors)

Advertisements

Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.

Service Identification Jonathan Rosenberg Cisco. Agenda Service Identification Architecture draft (draft-rosenberg-sipping-service- identification) Media.

xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: LB1c-handover-issues.ppt Title: MIH Security – What is it? Date Submitted:

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri

Emergency Calling Services (Calls for police, fire, ambulance, etc.) SIPPING WG IETF 58 Tom Taylor

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

Sip Traversal Required for Applications to Work (STRAW) WG Proposal straw-man: Hadriel Kaplan.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

S/MIME Certificates Cullen Jennings

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

sec1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: TGa_Proposal_Antonio_Izquierdo (Protecting the Information Service.

Cullen Jennings Certificate Directory for SIP.

Behave Status IETF 62 - Behave WG Chairs (Cullen Jennings, Jiri Kuthan)

1 STUN Changes draft-ietf-behave-rfc3489bis-03 Jonathan Rosenberg Dan Wing Cisco Systems.

Relay Services in Europe Technical perspectives November 2011.

Peering Considerations for Directory Assistance and Operator Services - John Haluska Telcordia SPEERMINT, IETF 68 Prague, Czech Republic 20 March 2007.

S/MIME and Certs Cullen Jennings

Page 1IETF 65 ENUM WG IETF 65 – ENUM WG IANA Registration for an Enumservice and “tel” Parameter for Calling Name Delivery (CNAM) Information 20 March.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.

Patrik Fältström. ITU Tutorial Workshop on ENUM. Feb 8, 2002, Geneva Explanation of ENUM (RFC 2916) Patrik Fältström Area Director, Applications Area,

Page 1 IETF Speermint Working Group Speermint Requirements/Guidelines for SIP session peering draft-ietf-speermint-requirements-02 IETF 69 - Monday July.

SIP Extensions for Network-Asserted Caller Identity and Privacy within Trusted Networks Flemming Andreasen W. Marshall, K. K. Ramakrishnan,

06/28/06 1 TSG-C SWG 1.2 End-to-End Signalling of Over-the-Air QoS & Additional PSVT call flows June 28, 2006 Nikolai Leung, Hyukjune Chung QUALCOMM, Incorporated.

Interactive Connectivity Establishment : ICE

Using SAML for SIP H. Tschofenig, J. Peterson, J. Polk, D. Sicker, M. Tegnander.

Name that User John Elwell Cullen Jennings Venkatesh Venkataramanan

IETF 64 SIP WG Spam for Internet Telephony Prevention using Security Assertion Markup Language Draft-schwartz-sipping-spit-saml-00.txt.

1 IETF 72 BLISS WG meeting draft-ietf-bliss-ach-analysis-02 John Elwell.

Integrating Identity based Cryptosystem (IBC) with CGA in Mobile IPv6 draft-cao-mipshop-ibc-cga-00.txt Zhen Cao Hui Deng IETF #67.

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,

Caller Preferences Jonathan Rosenberg dynamicsoft.

D Janet Gunn, CSC Dennis Berg, CSC Pat McGregor, Nyquetek Richard Kaczmarek,

SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis.

1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.

06/28/06 1 TSG-C SWG 1.2 End-to-End Signalling of Over-the-Air QoS & Additional PSVT call flows June 28, 2006 Nikolai Leung, Hyukjune Chung QUALCOMM, Incorporated.

Presentation Material ● PAR ● 5 Criteria ● ✔ Problem tutorial ● ✔ Problem statement (2-6) ● ✔ Why VoIP doesn't work today (7-8) ● ✔ What ECRIT has done.

Infrastructure ENUM Options Richard Stastny Michael Haberler IETF#65 Dallas, TX.

CLUE WG Interim Meeting San Jose, CA Sept , 2012

Timeline – Standards & Requirements

End-to-middle Security in SIP

THIS IS THE WAY ENUM Variants Jim McEachern

IETF 80 MMUSIC WG draft-elwell-mmusic-ice-updated-offer

Cullen Jennings S/MIME Certificates Cullen Jennings

KX-HTS Step by Step Guide SIP Trunk

CLUE WG Interim Meeting San Jose, CA Sept , 2012

Timeline - ATIS Involvement

SIP Configuration Issues: IETF 57, SIPPING

Hitchhikers Guide to SIP

Improving Security of Real-time Communications

In-Band Authentication Extension for Protocol Independent Multicast (PIM) draft-bhatia-zhang-pim-auth-extension-00 Manav Bhatia

Agenda and Status SIP Working Group

The Domain Policy DDDS Application

Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.

Timeline - ATIS Involvement

Proposed ATIS Standard for Signing of SIP RPH

draft-ipdvb-sec-01.txt ULE Security Requirements

STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,

IEEE MEDIA INDEPENDENT HANDOVER

User to User Key Signaling Protocols

Change Proposals for SHAKEN Documents

Emergency Calling Services (Calls for police, fire, ambulance, etc.)

IEEE MEDIA INDEPENDENT HANDOVER

draft-ietf-dtn-bpsec-06

Calling Party Identity

Discussion on TESLA Based Frame Authentication

Presentation transcript:

SIP Identity issues John Elwell, Jonathan Rosenberg et alia IETF 71 SIP WG meeting SIP Identity issues John Elwell, Jonathan Rosenberg et alia

Summary of contributions Phone number issues: draft-elwell-sip-e164-problem-statement-00 draft-schwartz-sip-e164-ownership-01 draft-rosenberg-sip-rfcc4474-concerns-00 draft-wing-sip-e164-rrc-01 draft-darilion-spe16-enum-00 SBC issues draft-wing-sip-identity-media-02 draft-fischer-sip-e2e-sec-media-00

Summary of contributions (cont.) Baiting attack draft-kaplan-sip-baiting-attack-02 not an issue when dtls-srtp is used not a problem introduced by RFC 4474 – can be done anyway not considered further today

Phone Identity Problem Cases The Identity service cannot verify the correctness of the phone number. e.g., it came from the PSTN. The Identity service can verify the correctness of the phone number, but there's no way for a relying party to know that the Identity service is authoritative for that number The Identity service can actually verify the correctness of the phone number and the relying party can verify that the Identity service is authoritative for that number. e.g., by configuration.

Strawman Identity Solution If a user is identified by a phone number, its domain can sign with an RFC 4474 signature if it believes that calls to that number will reach the user There is value in the RFC 4474 signature even for phone numbers – it allows the verifier to: Render the domain to the user, possibly as a company name – separate from the number Check whitelists/blacklists for trustworthiness of domain Nothing in the RFC 4474 signature allows verifier to know that the domain “owns” the number Nothing in the RFC 4474 signature says this is the true origin (could be an intermediate service provider)

Strawman Identity Solution Calls from a PSTN gateway include P-A-ID No way for the SIP provider to verify the caller ID Could put gateway@domain in From and sign with RFC 4474 Users with both a user@domain and phone number user@domain in From field Domain includes RFC 4474 signature Domain adds P-A-ID containing number DTLS-SRTP clarifies quality of integrity protection in cases of phone numbers and improves existing solutions

Questions for SIP WG Is the straw man proposal for phone numbers the right way to go? Should we consider an informational or BCP document that discusses what can be inferred from received identity information? Are there any useful steps for dealing with SDP modification by SBCs? Is there an impact on the draft-ietf-sip-dtls-framework that we need to deal with in that document?