Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon.

Slides:

Advertisements

Similar presentations

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.

Advertisements

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Chapter 14 – Authentication Applications

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

STIR Credentials IETF 88 (Vancouver) Wednesday Session Jon & Hadriel.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Namespaces in SPKI Carl M. Ellison Intel Architecture Labs

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Homework #8 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.

SIP-SAML assisted Diffie-Hellman MIKEY IETF 65 MSEC Mar 21, 2006 Robert Moskowitz.

Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

Cryptography 101 Frank Hecker

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.

draft-kwatsen-netconf-zerotouch-01

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.

Draft-rosen-ecrit-emergency- framework-00 Brian Rosen NeuStar CPa

Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281.

Credentials Roadmap STIR WG IETF 90 (Toronto) Sean Turner

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

STIR Problem Statement IETF 88 (Vancouver) Tuesday Session Jon Peterson.

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa.

SAML FTF #4 Workitems Bob Blakley. SAML “SenderVouches” SubjectConfirmation Method: A Proposed Alternative to Bindings 0.5 Proposals.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.

SAML for SIP Hannes Tschofenig, Jon Peterson, James Polk, Douglas Sicker, Marcus Tegnander.

Rfc4474bis-03 IETF 92 (Texas) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed, signer/verifier.

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

AuthZ WG Conceptual Grid Authorization Framework document Presentation of Chapter 2 GGF8 Seattle June 25th 2003 Document AID 222 draft-ggf-authz-framework pdf.

Draft-peterson-modern- problems-04 Jon Peterson MODERN WG IETF 95 (Buenos Aires)

draft-rescorla-fallback-01

STI Interworking with SIP-PBXs

TN Proof-of-Possession and Number Portability

STIR WG / IETF 94 Yokohama, Nov 2015 Jon

TeRI and the MODERN Framework

ECRIT Interim: SIP Location Conveyance

Cryptography and Network Security

draft-ietf-simple-message-sessions-00 Ben Campbell

Chris Wendt, David Hancock (Comcast)

WAP Public Key Infrastructure

SAML assisted Diffie-Hellman MIKEY

RFC PASSporT Construction 6.2 Verifier Behavior

RFC PASSporT Construction 6.2 Verifier Behavior

RFC PASSporT Construction 6.2 Verifier Behavior

Doug Bellows – Inteliquent 10/4/2018

IETF 101 (London) STIR WG Mar2018

RFC Verifier Behavior Step 4: Check the Freshness of Date

IPNNI SHAKEN Enterprise Models: LEMON TWIST

STIR Certificate delegation

Calling Party Identity

Enterprise Use Cases and A-Level Attestation

Enterprise Use Cases and A-Level Attestation

Presentation transcript:

Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon

draft-ietf-stir-certificates-00 Now a WG item! Provides a certificate-based STIR credential system Defines attributes for telephones numbers and number ranges Defines ways of acquiring the certs – Largely follows the RFC4474 Identity-Info paradigm Sketches techniques for real-time cert validation

Enrollment Document assumes a threefold method – Direct assignment From numbering authorities, regulators, etc. – Delegation from above From other number holders – Proof of possession Last time we talk about this here, we had “no opposition” to going forward with that Cullen will talk more about this next… Do we need a credential strength, LoA?

In-band STIR Logical Architecture Inter- Mediary Inter- Mediary PBX Endpoint PBX Endpoint User Endpoint User Endpoint User Endpoint User Endpoint User Endpoint Logical Authority Logical Authority Unsigned Requests Inter- Mediary Inter- Mediary PBX Endpoint PBX Endpoint User Endpoint User Endpoint User Endpoint User Endpoint Credential Provisioning Credential Validation Signed Requests

How do verifiers find credentials? Can we uniquely identify the needed credential based on TN alone? – Depends on how many authorities there are – If a user, enterprise and carrier all have certs that cover a particular number, due to delegation Or proof-of-possession – Some kind of hint needed to disambiguate Identity-Info URI can contain this – For out-of-band, this is tough, we’ll talk about that next Remember the CIDER “public key index value”

And then, credential caching Deferred to this document from RFC4474bis Should Identity-Info contain a credential hash – Let verifiers know that they already hold the credential As multiple credentials might sign for the same number – So verifiers can’t just tell from the From canonicalization Some other form of UID for the credential also possible – Potentially complex interaction with caching Verifiers can’t assume the credential is still valid, so a lookup of some kind is still necessary But is there some value as an optimization?

Acquisition Protocols Different methods of acquiring certs – Push (e.g., credential arrives with a SIP request) MIME multipart body – Pull (e.g., verifier acquires credential on receipt of request) Either dereferencing Identity-Info URI DNS: or creating a fetch based on the originating number – For certs, current recommendation is to use EST (RFC7030) – Prefetch (verifier gets top 500 keys) with pull SIP SUBSCRIBE/NOTIFY mentioned in the text – Others? Probably – no need to choose one (but MTI?) DANE? If you there’s a DNS tree…

Open Issue: Handling Ranges But some entities will have authority over multiple numbers – Administrative domains could control millions of numbers In non-continuous ranges – Includes service providers, enterprises, resellers, etc. Ideally, a service provider should not have to have one credential per number – The draft contains syntax for number ranges – But past a certain point, certs get too big Do we want to have by-reference approach? – Cert contains URL, URL contains the list Reduces cert size – Or, cert contains a URL of a service where you can ask about a particular number

Expiry, Revocation and Rollover All credentials will have a lifetime – Ordinary rollover Sometimes keys will be compromised before their expiry – But telephone numbers change owners, get ported, transfer normally Some sort of real-time checking required – DNS gets this for free (presuming no caching) – For certs, pull method could encompass this check As could the prefetch – OCSP checks, but adds some overhead More investigation to be done here Related to by-reference number ranges? – URLs for that give fresh responses – same problem?

Open Issue: Public or Confidential Credentials? How much information are we willing to make public? – Should credentials advertise a subject (e.g., “AT&T”) Okay when a call is received to know the originating carrier? – Receiving user vs. receiving carrier may be different More seriously, can an attacker mine a public database to reveal who owns all numbers? – Will we introduce VIPR-like privacy leaks? Can we restrict access to the credentials? – Identity-Info, say, could carry short lived, unguessable URLs – How important is endpoint verification? Does trust become transitive if endpoints rely on intermediary verifiers?

Open Issue: Partial Delegation Authority over numbers conflates many powers – Power to claim identity for VoIP vs. SMS, power to port the number, etc. Should it be possible to delegate authority for specific services rather than the whole number? – e.g., my SMS provider can sign my texts (MESSAGE), but my voice provider signs my INVITEs Yes, example is kind of contrived Can I give my SMS provider a text-specific cert that would not enable to them to sign voice calls? Too complex? Do we need this?

Open Issue: Private Key Provisioning How do signers acquire and manage private keys for delegated certs? – Self-generated and provisioned at the authority? – Generated by the authority and downloaded to devices? Intermediaries and enterprises – Provision keys for number blocks, sign on behalf of calls/texts passing by – May possess many keys What’s the right tool to accomplish this?

END