1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri

Slides:

Advertisements

Similar presentations

August 2, 2005SIPPING WG IETF 63 ETSI TISPAN ISDN simulation services Roland Jesske Denis Alexeitsev Miguel Garcia-Martin.

Advertisements

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Security Issues In Mobile IP

IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.

THIS IS THE WAY ENUM Variants Jim McEachern Carrier VoIP Standards Strategy THIS IS.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

IETF 91 DISPATCH draft-jesske-dispatch-forking- answer-correlation-02 Roland Jesske.

Session Initiation Protocol Winelfred G. Pasamba.

GRUU Jonathan Rosenberg Cisco Systems

Requirements for Resource Priority Mechanisms for the Session Initiation Protocol draft-ietf-ieprep-sip-reqs-01 Henning Schulzrinne Columbia University.

SIP-Based Emergency Notification System Knarig Arabshian IRT Laboratory Columbia University December 5, 2001.

GRUU Mechanism Jonathan Rosenberg. Status Draft-rosenberg-sipping-gruu-reqs-01 defines the problem Draft-rosenberg-sip-gruu submitted with proposed solution.

Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.

4 August 2005draft-burger-simple-imdn-011 Instant Message Delivery Notification (IMDN) for Presence and Instant Messaging (CPIM) Messages draft-burger-simple-imdn-01.

Proposed Fix to HERFP* (Heterogeneous Error Response Forking Problem) Rohan Mahy * for INVITE transactions.

Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.

Session Initiation Protocol Tutorial Ronen Ben-Yossef VP of Products - RADCOM

SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

The Session Initiation Protocol (SIP) Common Log Format (CLF)‏ IETF 74, March 2009, San Francisco, CA (USA)‏ Vijay K. Gurbani Eric Burger Humberto Abdelnur.

DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

© 2008 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures. 1 Video Relay Service and Assignment.

Ingate & Dialogic Technical Presentation SIP Trunking Focused.

ENUM? “ Telephone Number Mapping (ENUM or Enum, from TElephone NUmber Mapping) is a suite of protocols to unify the telephone numbering system E.164 with.

SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21,

Slide 1 Conferencing with MSRP draft-niemi-simple-chat-02.txt Miguel Garcia, Aki Niemi IETF March-2005.

1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

@ IETF 68. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement.

Explicit Subscriptions for REFER draft-sparks-sipcore-refer-explicit-subscription-00 SIPCORE – IETF90 Robert Sparks.

1 R 255 G 211 B 8 R 255 G 175 B 0 R 127 G 16 B 162 R 163 G 166 B 173 R 137 G 146 B 155 R 175 G 0 B 51 R 52 G 195 B 51 R 0 G 0 B 0 R 255 G 255 B 255 Primary.

November 2005IETF64 - ECRIT1 Emergency Service Identifiers draft-ietf-sipping-sos-01 draft-schulzrinne-sipping-service-01 Henning Schulzrinne Columbia.

PSAP Callback draft-ietf-ecrit-psap-callback Phone BCP Status Usage Scenarios.

Peering Considerations for Directory Assistance and Operator Services - John Haluska Telcordia SPEERMINT, IETF 68 Prague, Czech Republic 20 March 2007.

7/6/20061 Speermint Use Case for Cable IETF 66 Yiu L. Lee JULY 2006.

S/MIME and Certs Cullen Jennings

1 SPEERMINT Use Cases for Cable IETF 66 Montreal 11 JULY 2006 Presented by Yiu L. Lee.

IMS 架構與話務分析網路管理維運資源中心日期 : 2013/07/25 網路管理維運資源中心日期 : 2013/07/25 限閱.

SAML FTF #4 Workitems Bob Blakley. SAML “SenderVouches” SubjectConfirmation Method: A Proposed Alternative to Bindings 0.5 Proposals.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

Patrik Fältström. ITU Tutorial Workshop on ENUM. Feb 8, 2002, Geneva Explanation of ENUM (RFC 2916) Patrik Fältström Area Director, Applications Area,

SIP Call Package Jonathan Rosenberg dynamicsoft. Three Separate Pieces Call Leg State Package Conference Package To-Join/To-Replace.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

SIP Extensions for Network-Asserted Caller Identity and Privacy within Trusted Networks Flemming Andreasen W. Marshall, K. K. Ramakrishnan,

SIP WG Open Issues IETF 50 Jonathan Rosenberg dynamicsoft.

Open issues from SIP list Jonathan Rosenberg dynamicsoft.

SIP PUBLISH Method Jonathan Rosenberg dynamicsoft.

- 1 -P. Kyzivatdraft-sipping-gruu-reg-event-00 Reg Event Package Extensions draft-sipping-gruu-reg-event-00 IETF64 Nov-2005.

RFC3261 (Almost) Robert Sparks. SIPiT 10 2 Status of the New SIP RFC Passed IETF Last Call In the RFC Editor queue Author’s 48 hours review imminent IMPORTANT:

MIPv6Security: Dimension Of Danger Unauthorized creation (or deletion) of the Binding Cache Entry (BCE).

March 20, 2007BLISS BOF IETF-681 Requirements and Implementation Options for the Multiple Line Appearance Feature using the Session Initiation Protocol.

July 28, 2008BLISS WG IETF-721 The Multiple Appearance Feature using the Session Initiation Protocol (SIP) draft-johnston-bliss-mla-req-02 Alan Johnston.

July 28, 2009BLISS WG IETF-751 Shared Appearance of a SIP AOR draft-ietf-bliss-shared-appearances-03 Alan Johnston Mohsen Soroushnejad Venkatesh Venkataramanan.

Call Completion using BFCP draft-roach-sipping-callcomp-bfcp IETF 67 – San Diego November 7, 2006.

History-Info header and Support of target-uri Solution Requirements Mary Barnes Francois Audet SIPCORE.

March 20th, 2001 SIP WG meeting 50th IETF SIP WG meeting Overlap signalling handling

SIPPING Drafts Jonathan Rosenberg dynamicsoft. Conferencing Package Issues Only one – scope Depends on broader work in conferencing May include –Participant.

Session-ID Requirements for Interim-3 draft-ietf-insipid-session-id-reqts-00 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel Kaplan.

Andrew Allen ROUTING OUT OF DIALOG REQUESTS draft-allen-dispatch-routing-out-of-dialog-request-01 Dispatch IETF 92 March 23 rd 2015.

THIS IS THE WAY ENUM Variants Jim McEachern

sip-identity-04 Added new response codes for various conditions

Transcoding Framework

Request-URI Param Delivery

Requirements and Implementation Options for the Multiple Line Appearance Feature using the Session Initiation Protocol (SIP) draft-johnston-bliss-mla-req-00.

SIP Identity issues John Elwell, Jonathan Rosenberg et alia

Verstat Related Best Practices

Transcoding Framework

SHAKEN for Presented to: Ericsson Contact:

Presentation transcript:

1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri Dorgham Raphael Victor

2 Problem statement When someone is calling you, you ‘d like to be able to know the identity of the caller –“who are you?” But this is not always possible to determine –draft-elwell-sip-e2e-identity-important Are we comfortable enough to answer the question “are you calling me?” by determining: –whoever is calling me (even unknown party) can be reached at the address it is claiming in the From header field {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

3 Return Routability Check in a nutshell It is a simple “better-than-nothing“ approach to URI verification –End-to-end solution based on SIP routing It leverages the location service retargeting –No trust models –No additional infrastructures apart from what it takes to route the INVITE message It is NOT a solution for the whole identity problem It does not determine identity (“who are you?”), just the source URI of the call (“are you calling me?”) {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

4 Known Limitations It can at best confirm URI veracity. DERIVE cannot provide a refute claim Reverse Routability is known not to be available in many cases –unregistered phone, call forwarding, etc. Additional latency in call setup {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

5 Security Considerations {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic, Reliance on security of the Registrar, DNS and IP routing systems DoS opportunity with indirection –DERIVE allows attacker to drive other UAs to send DERIVE requests to a victim Privacy –In the absence of some sort of authorization mechanism it can reveal sensitive information

6 Open Issues (1/3): Is Dialog Package Usable for This? Dialog package support exists Interpretations differ in how they may implement the negative case: “4xx vs empty NOTIFY” Only for INVITE-initiated dialogs If we don't re-use the dialog event package –we need to find some other widely-deployed and well- defined UA behavior that we can leverage –or we need to define new behavior on both the caller and callee equipment new method for call-back validation? {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

7 Open Issues (2/3): B2BUA traversal There is no normative reference in B2BUA behavior we can lean upon and which would be guaranteed to travel end-to-end Possible solutions: –“if you break it, you fix it” (if you are lucky to be on the reverse path) –start working on a token that normatively survives B2BUA traversal draft-kaplan-sip-session-id {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

8 Open Issues (3/3): PSTN interworking SIP URIs (even with telephone numbers) verifiable with the originating domain using DERIVE Unlike TEL URIs which are not clearly associated with an owner Do you think it makes sense to attack the TEL URIs? {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

9 WG Survey Who thinks that life is good without a light-weight way to verify a SIP URI? (and who thinks it isn’t?) If folks see the problem, who thinks that reverse URI checking can help to solve it? (not necessarily based on the dialog-package) And out of those who would actually like to contribute to this? {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

10 BACKUP {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

11 A proposed solution Use SIP to ask the caller as claimed in From URI “are you calling me”? {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

12 A Proposed Solution (cont.) A subscription to the Dialog event package is used to check if the UA registered at the AOR in the “From” header is aware of the call. The subscription is restricted to the “half-dialog” formed by Call-ID and From-tag from the INVITE. For this, a SUBSCRIBE message is sent to the AOR in the “From” header field from the original INVITE. Depending on the result of the subscription, we conclude that the “From” was legitimate, or that we do not know exactly. Assumptions: –The Location Service at atlanta.com (caller’s domain) is somehow trustworthy –Alice is currently registered at atlanta.com –IP routing and DNS are not compromised {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

13 A Proposed Solution (cont.) Provisional responses are omitted from the illustration for the sake of clarity {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,

14 Related work Return routability check: –draft-wing-sip-e164-rrc Identity: –RFC 4474, RFC 3325, RFC 3893, RFC 4916 –draft-ietf-sipping-update-pai –draft-elwell-sip-identity-handling-ua –draft-elwell-sip-e2e-identity-important –draft-york-sip-visual-identifier-trusted-identity –draft-ietf-sip-privacy –draft-kaplan-sip-asserter-identity Issues with e164 URIs: –draft-elwell-sip-e164-problem-statement Identity / security on the media path: –draft-fischer-sip-e2e-sec-media (expired) –draft-wing-sip-identity-media (expired)... And many others {Jiri.Kuthan, Dorgham.Sisalem, Raphael.Coeffic,