Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

Slides:



Advertisements
Similar presentations
1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.
Advertisements

Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.
Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins
Yahoo Tutorial This tutorial aims to quickly cover some of the basic elements of web based using Yahoo - a free service Use the Index.
Gmail Tutorial This tutorial aims to quickly cover some of the basic elements of web based using Gmail - a free service Use the Index on the.
Slide #1IETF 77 – Roll WG – March 2010 ROLL RPL IETF 77 status draft-ietf-roll-rpl Tim Winter Pascal Thubert Design Team.
Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.
Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA.
1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri
Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
SIP working group status Keith Drage, Dean Willis.
Federal Student Aid Identification username and password – this is how students and parents will sign the FAFSA application. The FSA ID process replaced.
March 7, 2005MOBIKE WG, IETF 621 Mobility Protocol Options for IKEv2 (MOPO-IKE) Pasi Eronen.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
1 A Path Forward on Identity Agreement on a problem space –We all agree that E.164 numbers don’t work well with RFC4474 –Less agreement about the requirements.
DKIM Reporting Murray S. Kucherawy. The Problems to Solve Senders want to know when their brands are being violated –Mail being forged as coming from.
Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M.
STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.
IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.
Credentials Roadmap STIR WG IETF 90 (Toronto) Sean Turner
July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...
Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon.
(we need your advice!) Jon Peterson MIT– December 2010 IETF & Privacy.
STIR Problem Statement IETF 88 (Vancouver) Tuesday Session Jon Peterson.
BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.
Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP 2.0 TLS handling Magnus Westerlund draft-ietf-mmusic-rfc2326bis-12.
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-09) Leon Portman Henry Lum
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.
SIMPLE Drafts Jonathan Rosenberg dynamicsoft. Presence List Changes Terminology change Presence List Information Data Format –Provides version, full/partial.
1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.
Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.
Open issues from SIP list Jonathan Rosenberg dynamicsoft.
1 draft-sidr-bgpsec-protocol-05 Open Issues. 2 Overview I received many helpful reviews: Thanks Rob, Sandy, Sean, Randy, and Wes Most issues are minor.
RFC3261 (Almost) Robert Sparks. SIPiT 10 2 Status of the New SIP RFC Passed IETF Last Call In the RFC Editor queue Author’s 48 hours review imminent IMPORTANT:
Rfc4474bis-03 IETF 92 (Texas) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed, signer/verifier.
Revising RFC 3775 MEXT WG, IETF 70 Vijay Devarapalli
GRUU Jonathan Rosenberg Cisco Systems. Changes in -06 Editorial as a result of RFC-ED early copy experiment.
Call Completion using BFCP draft-roach-sipping-callcomp-bfcp IETF 67 – San Diego November 7, 2006.
Location Conveyance in SIP draft-ietf-sip-location-conveyance-01 James M. Polk Brian Rosen 2 nd Aug 05.
1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.
Andrew Allen ROUTING OUT OF DIALOG REQUESTS draft-allen-dispatch-routing-out-of-dialog-request-01 Dispatch IETF 92 March 23 rd 2015.
Globally Identifiable Number (GIN) Registration Adam Roach draft-martini-roach-gin-01 IETF 77 – Anaheim, CA, USA March 22, 2010.
BGP Validation Russ White Rule11.us.
SIP wg Items Jonathan Rosenberg dynamicsoft Caller Preferences: Changes Discussion of Redirects –Previous draft only proxy –Nothing different for redirect.
Broker training for Callidus Cloud EnvisionRxPlus for 2018
End-to-middle Security in SIP
draft-rescorla-fallback-01
Mail Merge for Lotus Notes and Excel User Guide
sip-identity-04 Added new response codes for various conditions
STIR WG / IETF 94 Yokohama, Nov 2015 Jon
Mail Merge for Lotus Notes and Excel User Guide
ECRIT Interim: SIP Location Conveyance
Request History Capability – Requirements & Solution
Chris Wendt, David Hancock (Comcast)
SIP Identity issues John Elwell, Jonathan Rosenberg et alia
RFC PASSporT Construction 6.2 Verifier Behavior
RFC PASSporT Construction 6.2 Verifier Behavior
RFC PASSporT Construction 6.2 Verifier Behavior
IETF 101 (London) STIR WG Mar2018
Updates to Draft Specification for DTN TCPCLv4
Change Proposals for SHAKEN Documents
RFC Verifier Behavior Step 4: Check the Freshness of Date
IPNNI SHAKEN Enterprise Models: LEMON TWIST
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.
BPSec: AD Review Comments and Responses
IETF 102 (Montreal) STIR WG Jul 2018
Presentation transcript:

rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon

First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed, signer/verifier behavior, canonicalization 2) Credentials – How signers enroll, how verifiers acquire credentials, how to determine a credential’s authority for identity rfc4474bis (now a WG item!) is about (1) – But contains guidance for future specifications of (2)

Recap Identity signature over To, From, Method, and Date The mechanism works for TNs, could also work for SIP URIs – Would need to specify credential systems for greenfield IDs Optional Identity-Reliance header – Optional for signer to add, optional for verifier to check if present Identity-Info now much broader than in RFC4474 – Acts as a selector if multiple parties can sign for the name – Not just for certificates per RFC4474 Canonicalization (now not just a stub) Keeps much of the original RFC4474 apparatus – All the response codes, etc.

Canonicalization The high-level procedure (for To and From headers) – Strip special characters, append a country code if missing – End up with a format like: (strip any +) – What if the E.164 format can’t be inferred (at either side)? Two possible options: – Guess that it’s from this nation and append a cc, if the call is international, it fails – Leave it without a country code…? – What about special numbers? Especially if we’re canonicalizing To as well Short codes, emergency codes, many corner cases – C haracters # and *, tones A B C D

Canonicalization (2) rfc4474bis-01 adds a new Identity-Info param – “canon” with a value of tn-spec – Stores the canonical form of the TN created by the signer Right now, actually vague about whether this is the To or From header field value – implied From Should it include the To? Today, this is not under the signature – Why? Because intermediaries might change it – Should we protect it?

Baiting Attacks Raised on the list: REFER baiting – I REFER you to send a call through me (evil) to a chosen number e.g. – I then copypasta the token into my own INVITE to that number with my media params To – I can thus impersonate you Arises due to several causes: – Because we don’t protect SDP and thus media (invariant) – Because we limit TN signature scope to the TN only, not the domain – Because we lack a secure indication that a REFER induced this token

Fixing the baiting attack Fundamental SIP “perversion” as underlying cause – But we can’t fix core SIP routing – Actually RFC3261 allows arbitrary location service decisions We could restrict REFER in some way We could protect media – Some kind of partial signature, even We could add a signed indication that a REFER induced this – Recipients can at least then decide to Other thoughts?

Open Issue: STIR scope REFER baiting is one of several attacks on the edges of our scope Should we protect mid-dialog requests? – Otherwise, forged BYEs can take down calls – It’s impersonation, but it isn’t robocalling or swatting Do we envision a later document explaining how to apply rfc4474bis to mid-dialog requests – Possibly outside STIR, in a successor? – Might explore connected identity revisions, even

Open Issue: Credential caching Should Identity-Info contain a credential hash – Let verifiers know that they already hold the credential Remember multiple credentials might sign for the same number – So verifiers can’t just tell from the From canonicalization Some other form of UID for the credential also possible – Potentially complex interaction with caching Verifiers can’t assume the credential is still valid, so a lookup of some kind is still necessary But is there some value as an optimization?

Open Issue: Partial Body Protection Should we create a protection for subsets of SDP bodies – For example, signature over only hash of keying material for SRTP Necessarily optional, since RTP doesn’t require SRTP Shouldn’t be vulnerable to a bid down – Possibly other elements could be included as well See earlier discussion of REFER baiting Will SBCs still violate that signature? – And if so, is that violation bad enough that verifiers should fail on it? Per STRINT, should something like this be mandatory?

Path Forward Editing still needed, big ideas now in place? – Some legacy RFC4474 language could use an update

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.