SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.


Very Brief description of SIP
- Rendezvous protocol
- can “go direct” or use proxies/intermediaries
- register Contacts to an Address of Record
- discover appropriate Contacts
- setup sessions by exchanging offers and answers
- SIP-specific subscribes and notifies
- text-based (looks sorta like HTTP + )
  – INVITE SIP/2.0
  – SIP/ OK / 404 Not Found / etc...
- carries direct or indirect MIME content

State of SIP security
- Digest used for user authentication, end-to-end or end-to-middle
- TLS used for hop-by-hop server authentication, encryption, integrity, and optional mutual auth (TLS with RSA, AES128_CBC, SHA1)
- optional IPsec for hop-by-hop encryption and integrity
- S/MIME for end-to-end encryption and integrity
[Diagram labels: media (ex: RTP audio, game, chat); SIP signaling]
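The slide lists Digest for user authentication and S/MIME for end-to-end integrity. The following added example (not from the original slides) computes the RFC 2617 Digest response that SIP uses and shows which parts of a request it binds: with `qop=auth` the body is not covered, with `qop=auth-int` it is. The user, realm, password, nonce values and SDP bodies are constructed for illustration.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=b""):
    """RFC 2617 Digest response, as reused by SIP (RFC 3261)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    if qop == "auth":
        # Only method and Request-URI are hashed: headers and body are not bound.
        ha2 = md5_hex(f"{method}:{uri}".encode())
    elif qop == "auth-int":
        # The hash of the entity body is folded into the response.
        ha2 = md5_hex(f"{method}:{uri}:{md5_hex(body)}".encode())
    else:
        raise ValueError(f"unsupported qop: {qop}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())

def body_is_covered(qop, original, modified, **params):
    """True if changing the body changes the Digest response."""
    before = digest_response(qop=qop, body=original, **params)
    after = digest_response(qop=qop, body=modified, **params)
    return before != after

# Constructed sample values (not taken from the slides).
PARAMS = dict(user="alice", realm="example.com", password="constructed-secret",
              method="INVITE", uri="sip:bob@example.com",
              nonce="constructed-nonce", nc="00000001", cnonce="0a4f113b")

# Constructed SDP bodies: same session, different media address.
SDP_ORIGINAL = (b"v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
                b"c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
SDP_MODIFIED = SDP_ORIGINAL.replace(b"c=IN IP4 192.0.2.10",
                                    b"c=IN IP4 198.51.100.66")

if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        covered = body_is_covered(qop, SDP_ORIGINAL, SDP_MODIFIED, **PARAMS)
        print(f"qop={qop}: body change detected by Digest = {covered}")
```

Even with `auth-int`, the check is made by whoever holds the shared secret, so it is not an end-to-end signature of the kind S/MIME provides.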

Good reasons for Object security in SIP
- Verifying you are still talking to the same person you started talking with (even if they are otherwise anonymous)
- SIP for Instant Messaging
- SIP between telephone network devices
- 3rd-party identity assertions for folks you authenticated some other way (possibly on a per call basis)

History: SIP uses S/MIME
- Mar 1999: RFC-2543 (SIP) published as PS. specs PGP for end-to-end security. about 3 early implementations, none worked together (badly underspecified, lots of implicit behavior)
- Nov 2001: Numerous requests for Digest enhancements (including some body integrity stuff (see draft-undery-sip-auth-01.txt))
- Dec 2001: PGP Deprecated by SIP WG
- Jan 2002: IESG requests addition of S/MIME to SIP spec
- Feb/Jun 2002: RFC-3261 specs S/MIME for end-to-end security, provides much more motivational text (ex: optional usage with self-signed certs), still underspecified
- Mar 2002: draft-peterson-sip-identity-00.txt adopted as WG item. Uses S/MIME for 3rd party assertion of identity.
- Oct 2002: draft-peterson-sip-smime-aes-00.txt proposes update/tighter spec of SIP S/MIME. Uses AES.
- Nov 2002: draft-mahy-sipping-smime-vs-digest-00.txt discusses shared-key signing issues.

What does SIP community want from S/MIME?
- Advice from the horse’s mouth
- Help with S/MIME/CMS implementations ;-)
  – not SIP community’s core competence to add stuff to S/MIME or CMS libraries
- Unification of end-to-end/end-to-middle authentication, or not… (we use Digest and S/MIME now)
- SIMPLE needs sessions of messages. should we use S/MIME for this? might need shared key authentication for this.
- Lots of stuff we want to do with 3rd party assertions: use signed “assertion” documents, or attribute certs, something else?

References
- RFC 3261
- draft-ietf-sip-identity-00.txt
- draft-ietf-sip-authid-body-00.txt
- draft-mahy-sipping-smime-vs-digest-00.txt
- draft-peterson-sip-smime-aes-00.txt
- draft-ietf-sip-referredby-00.txt
- draft-ietf-sip-privacy-general-01.txt
- draft-undery-sip-auth-01.txt