IETF 101 (London) STIR WG Mar2018

Slides:



Advertisements
Similar presentations
Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.
Advertisements

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Tutorial 6 Working with Web Forms
RTSP Interoperability Bakeoff Ron Frederick
Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.
Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.
Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.
Forms and Server Side Includes. What are Forms? Forms are used to get user input We’ve all used them before. For example, ever had to sign up for courses.
Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon.
Draft-elwell-sipping- redirection-reason-00 Author: John Elwell
SIP working group IETF#70 Essential corrections Keith Drage.
Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,
1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.
1 draft-duffield-ippm-burst-loss-metrics-01.txt Nick Duffield, Al Morton, AT&T Joel Sommers, Colgate University IETF 76, Hiroshima, Japan 11/10/2009.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
1/7 Clarification of Privacy Mechanism for SIP draft-munakata-sipping-privacy-clarified-00 Mayumi Munakata (NTT) Shida Schubert (NTT) IETF67 SIPPING 1.
1 draft-sidr-bgpsec-protocol-05 Open Issues. 2 Overview I received many helpful reviews: Thanks Rob, Sandy, Sean, Randy, and Wes Most issues are minor.
RFC3261 (Almost) Robert Sparks. SIPiT 10 2 Status of the New SIP RFC Passed IETF Last Call In the RFC Editor queue Author’s 48 hours review imminent IMPORTANT:
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
GRUU Jonathan Rosenberg Cisco Systems. Changes in -06 Editorial as a result of RFC-ED early copy experiment.
July 28, 2008BLISS WG IETF-721 The Multiple Appearance Feature using the Session Initiation Protocol (SIP) draft-johnston-bliss-mla-req-02 Alan Johnston.
Indication of Terminated Dialog draft-holmberg-sipping txt Christer Holmberg NomadicLab Ericsson.
History-Info header and Support of target-uri Solution Requirements Mary Barnes Francois Audet SIPCORE.
Andrew Allen ROUTING OUT OF DIALOG REQUESTS draft-allen-dispatch-routing-out-of-dialog-request-01 Dispatch IETF 92 March 23 rd 2015.
Stir-cnam STIR WG / IETF 95 Buenos Aires, Apr 2016 Jon.
SIP wg Items Jonathan Rosenberg dynamicsoft Caller Preferences: Changes Discussion of Redirects –Previous draft only proxy –Nothing different for redirect.
Ken Grewal Gabriel Montenegro Manav Bhatia
5 In the Survey Options section, click an option to determine whether users' names will appear in survey results, and then whether users can respond to.
End-to-middle Security in SIP
Authenticated Identity
draft-rescorla-fallback-01
5 In the Survey Options section, click an option to determine whether users' names will appear in survey results, and then whether users can respond to.
Phil Hunt, Hannes Tschofenig
sip-identity-04 Added new response codes for various conditions
IP-NNI Joint Task Force Status Update
STIR WG / IETF 94 Yokohama, Nov 2015 Jon
Request History Capability – Requirements & Solution
ECRIT Interim: SIP Location Conveyance
Kumiko Ono End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-04 draft-ono-sipping-end2middle-security-03 Kumiko Ono.
Consent-based Communications in SIP draft-ietf-sipping-consent-reqs-04
Request History Capability – Requirements & Solution
draft-ietf-simple-message-session-09
Examining Session Policy Topologies
STIR WG / IETF 97 Seoul, Nov 2016 Jon
Request-URI Param Delivery
5 In the Survey Options section, click an option to determine whether users' names will appear in survey results, and then whether users can respond to.
Cryptography and Network Security
IP-NNI Joint Task Force Status Update
Analysis of Use of Separate Identity Header for SIP RPH Signing
RFC PASSporT Construction 6.2 Verifier Behavior
draft-ipdvb-sec-01.txt ULE Security Requirements
RFC PASSporT Construction 6.2 Verifier Behavior
RFC PASSporT Construction 6.2 Verifier Behavior
Updates to Draft Specification for DTN TCPCLv4
STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,
IP Interconnection Profile
STIR WG IETF-99 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-00) July, 2017 Ray P. Singh, Martin Dolly, Subir Das, and An.
William Stallings Data and Computer Communications
STIR WG IETF-102 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-06) July 18, 2018 Ray P. Singh, Martin Dolly, Subir Das, and.
RFC Verifier Behavior Step 4: Check the Freshness of Date
SIP Session Timer Glare Handling
draft-ietf-dtn-bpsec-06
Rifaat Shekh-Yusef IETF105, OAuth WG, Montreal, Canada 26 July 2019
BPSec: AD Review Comments and Responses
Proposed Changes to STI-VS "iat" freshness check
STIR / SHAKEN for 911 use of SHAKEN 8/7/2019
draft-ietf-stir-oob-02 Out of Band
IETF 103 (กรุงเทพฯ) STIR WG Nov 2018
IETF 102 (Montreal) STIR WG Jul 2018
Cryptography and Network Security
Presentation transcript:

IETF 101 (London) STIR WG Mar2018 PASSporT divert IETF 101 (London) STIR WG Mar2018

draft-ietf-stir-passport-divert-02 A feature many people have asked about How do we handle retargeting? To header field of SIP is signed by PASSporT Original SIP header value may be altered with retargeting Looks like a cut-and-paste attack to the destination We define a special PASSporT to track retargets With its own “ppt” – “div” for “divert” Different from History-Info and Diversion? Yes, as it is signed by the original destination domain Moreover, it only captures “major” changes Thanks to our canonicalization procedures

What’s New? Redirection and Retargeting “div” exists to handle certain retargeting problems If the PASSporT arriving at a VS has a “dest” that does not look familiar, how does the VS know it was not cut-and-pasted? “div” fills this gap, providing a signed assurance that the original destination forwarded to a new (hopefully familiar) recipient Not a problem for redirection, usually A 302 will (usually) cause the UAC to issue a new INVITE, hopefully with a new To copied into the “dest” in the PASSporT But is there value in signing for the original destination, if it appears in Diversion or History-Info? Not for an impersonation threat relevant to robocalling, but leveraging STIR to secure that service logic We added an optional way to send a “div” PASSporT in 3XXs Do people think this is useful?

Last time we agreed on nesting Header: { "typ":”passport", "alg":”ES256“, "ppt":”div“, "x5u":"https://www.example.com/cert.pkx" } Claims: { ”orig":{“uri”:”alice@example.com”}, ”dest":{“uri”:”secondtarget@example.com”}, <- new target "iat": 1443208345, “div”:{“uri”:”firsttarget@example.com”} <- original target “opt”:"eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \ joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \ kZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdC \ <- original ppt I6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0.r \ q3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \ ojNCpTzO3QfPOlckGaS6hEck7w”} }

Return of unnested? Some concerns have been raised about the size of Identity header field values with nested PASSporTs Any implementers running into this in practice? Current guidance is SHOULD do nesting for in-band “div” Just helps to correlate the PASSporTs However, as discussed on the list, multiplicities of ASs and diverters could make this quite complicated If full form encrypted PASSporTs were ever carried in-band, we’d need nesting for that Extensions like “rcd” might actually motivate that due to PII From a design perspective, do we want to allow both nested and unnested as options? “opt” for some use cases and separate PPTs for others?

Unnested and Identity order Some mailing list traffic about ordering of Identity header fields in a SIP request Assuming unnested, or multiple nested PASSporTs carried in different headers due to multiple AS’s And of claims in the PASSporT itself (per RFC8225) Not sure there’s a problem? Identity header field ordering is not something I’d expect intermediaries to faithfully relay Claims in PASSporT just need order for serialization and signing If unnested becomes the norm, a VS may have to sift through a bunch of Identity header fields and correlate PASSporTs itself We could add something explicitly linking PASSporTs that point to one another We did (in this revision) put in an optional History-Info index value But could future extensions require something different?

Make “opt” independent of “div”? “opt” is the extension claim where we nest PASSporTs within other PASSporTs Should we make it independent of “div”, for other potential PASSporT types to use? Not hard to do, probably don’t need a new specification for it Just a slightly different syntax Any potential applications of “opt” to other PPTs?

Clerical oversight So, RFC8224 wasn’t very clear about how the “ppt” parameter appears in the Identity header field PASSporT type, where you specify extensions Should ppt= values be quoted or not? There is one tiny scrap of text that implies they should be quoted Right now all of our PPT drafts do this (I think) Should ppt= even be mandatory? Redundant with the PASSporT JOSE header However, for compact form you wouldn’t have that header, hence we just made it mandatory Also helpful to tell whether you support the PASSporT without having to crack it open We should probably clarify all this somewhere

Issues This is pretty close Need to patch the issues above Thanks to Christer for a close read – need some more reviews Last call soon?