Session Announcement Protocol Colin Perkins University College London.

Slides:

Advertisements

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

Advertisements

IPSec.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

COS 420 Day 18. Agenda Group Project Discussion Program Requirements Rejected Resubmit by Friday Noon Protocol Definition Due April 12 Assignment 3 Due.

IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Cryptography and Network Security

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

7/ IETF, Pittsburgh Ott/Perkins/Kutscher Mbus Update draft-ietf-mmusic-mbus-transport-02.txt Jörg Colin

Session-based Security Model for SNMPv3 (SNMPv3/SBSM) David T. Perkins Wes Hardaker IETF November 12, 2003.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

TLS 1.2 and NIST SP A Tim Polk November 10, 2006.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

Secure Socket Layer (SSL)

Chapter 13 – Network Security

I-D: draft-rahman-mipshop-mih-transport-01.txt Transport of Media Independent Handover Messages Over IP 67 th IETF Annual Meeting MIPSHOP Working Group.

IPSec in a Multi-OS Environment. What is IPSec? IPSec stands for Internet Protocol Security It is at a most basic level a way of adding security to your.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Audio/Video Transport Working Group 44th IETF, Minneapolis March 1999 Stephen Casner -- Cisco Systems Colin Perkins -- UCL Mailing list:

Quick-Start for TCP and IP draft-ietf-tsvwg-quickstart-02.txt A.Jain, S. Floyd, M. Allman, and P. Sarolahti TSVWG, March 2006 This and earlier presentations::

IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.

Audio/Video Transport Working Group 49th IETF, San Diego December 2000 Stephen Casner -- Packet Colin Perkins -- ISI,

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.

Quick-Start for TCP and IP draft-ietf-tsvwg-quickstart-01.txt A.Jain, S. Floyd, M. Allman, and P. Sarolahti TSVWG, November 2005 This and earlier presentations::

IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.

RTP Interoperability Testing Colin Perkins University College London.

Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-09) Leon Portman Henry Lum

SIP working group IETF#70 Essential corrections Keith Drage.

Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.

Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.

SRI International 1 Topology Dissemination Based on Reverse-Path Forwarding (TBRPF) Richard Ogier September 21, 2002.

Packet Format Issues #227: Need Shim Header to indicate Crypto Property of packet Do we need to add pre-amble header to indicate if data is encrypted or.

Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.

THE CLASSIC INTERNET PROTOCOL (RFC 791) Dr. Rocky K. C. Chang 20 September

RTP Splicing Status Update draft-ietf-avtext-splicing-for-rtp-11 Jinwei Xia.

Cryptography and Network Security (CS435) Part Thirteen (IP Security)

Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP draft-ietf-mmusic-rfc2396bis-10 Magnus Westerlund Co-auhtors: Henning Schulzrinne, Rob Lanphier,

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

July 2007 CAPWAP Protocol Specification Editors' Report July 2007

A RTCP-based Retransmission Protocol for Unicast RTP Streaming Multimedia draft-podolsky-avt-rtprx-00.txt Matthew Podolsky, Koichi Yano, and Steven McCanne.

TCP Friendly Rate Control (TFRC): Protocol Specification RFC3448bis draft-ietf-dccp-rfc3448bis-03.txt S. Floyd, M. Handley, J. Padhye, and J. Widmer Testing.

RFC 4068bis draft-ietf-mipshop-fmipv6-rfc4068bis-01.txt Rajeev Koodli.

Network Layer Security Network Systems Security Mort Anvari.

21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Addressing Comment #2142 Date Submitted: March, 18, 2008 Presented.

GMAP Grant Management, Application, and Planning Consolidate Application Training.

Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.

7/24/2007IETF69 PANA WG1 PANA Issues and Resolutions draft-ietf-pana-pana-17.txt draft-ietf-pana-framework-09.txt Yoshihiro Ohba Alper Yegin.

SDP draft-ietf-mmusic-sdp-new-21.txt Colin Perkins.

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

IEEE SISWG (P1619.3)‏ Messaging & Transport. AGENDA Transport Protocols & Channel Protection Messaging Layer Capability Exchange & Authentication Groups.

Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:

IPsec Problems and Solutions

UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture

Session-Independent Policies draft-ietf-sipping-session-indep-policy-02 Volker Hilt Jonathan Rosenberg Gonzalo.

Open issues with PANA Protocol

PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)

Quick-Start for TCP and IP

Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls

Congestion Control Comments Resolution

Presentation transcript:

Session Announcement Protocol Colin Perkins University College London

Status In Washington DC we thought this was ready for last call, after minor revision This was conducted earlier this year and showed that a number of open issues remain Two more revisions of the draft have addressed some of these –draft-ietf-mmusic-sap-v2-06.txt We have to resolve the rest today

Summary of changes (I) Timer reconsideration algorithm updated to match RTCP Remove references to "client" in the text, now talks about SAP announcers and listeners only. Clarify that TTL scoping is discouraged –Use administrative scoping instead Clarify section on session deletion

Summary of changes (II) Remove the optional timeout field from the packet format It was only used for encrypted SAP, for those cases where a proxy didn't have the decryption key. We now rely on either: –the receiver of an announcement understands the payload, and can derive the session timeout from it (common case) –the announcer sends explicit deletion packets –the receiver will timeout an announcement

Summary of changes (III) Clarify why we use application level authentication, not IPsec –very little IPsec deployment –unclear how to setup the necessary authentication infrastructure for multicast IPsec, when the sender doesn’t know the receivers Instead we leverage application level authentication, with well defined mechanisms –PGP, CMS

Summary of changes (IV) Make all authentication schemes optional –Previously, authentication was optional but if implemented PGP had to be supported –Now it’s optional, with no mandated algorithms PGP and CMS are specified

Open issue How do we perform authentication? Authenticated payload –Uniform authentication mechanism per payload format Authenticated transport –SAP is payload independent, this allows us to authenticate the sender of any form of announcement...and prevent spoofing of deletion messages... Proposal: include authentication in SAP, separate development of payload authentication if desired.

What next? Resolve authentication issues A new working group last call, for experimental