End-to-middle Security in SIP draft-ono-sipping-end2middle-security-04 Kumiko Ono IETF62.


Status

Mechanism I-D
  – Has been implemented.
  – Service providers will need this more as S/MIME gets widely deployed. Currently only a few S/MIME-supporting UAs are out there. Cert management in SIP (sipping-cert) will change this.

Requirements I-D
  – Going under IESG review.

Changes from -03

Deleted the open issue about labeling a body destined for “middle”
  – A new SIP header “Proxy-Required-Body”

Changed a response code for requiring a signature
  – A new response “495 Signature required”

Changed how to protect a label and its constraint
  – -03: Signature for a body which includes a label within sipfrag was SHOULD.
  – -04: TLS is now SHOULD and the signature for sipfrag is MAY. A proxy server trusted to provide SIP routing is generally trusted to process all SIP headers. Therefore, hop-by-hop security is reasonable for the protection.

Deleted the open issue about removing a label by proxy before forwarding
  – It is allowed to remove a label depending on security policies of providers.

Updated reference

Open Issue #1

How should the error message indicate the Content-Type which needs a signature to be attached for data integrity?
e.g., a body, body parts in multipart/mixed

Conclusion:
  – For data integrity, a signature for a body part alone is not sufficient. We always need a signature for the whole body.
  – However, should the signature be inside, outside, or both, when encrypted?
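An added illustration of the Open Issue #1 conclusion (not from the slides or the draft): a signature that covers one part of a multipart/mixed body still verifies after a sibling part is changed in transit, while a signature over the whole body does not. HMAC-SHA256 stands in for the S/MIME signature here; the key, boundary, SDP and second body part are constructed sample values.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # stand-in for the UA's signing key (assumption)
BOUNDARY = b"boundary42"        # constructed multipart boundary


def build_multipart(parts):
    """Serialize (content_type, payload) pairs as a multipart/mixed body."""
    out = b""
    for ctype, payload in parts:
        out += (b"--" + BOUNDARY + b"\r\nContent-Type: " + ctype
                + b"\r\n\r\n" + payload + b"\r\n")
    return out + b"--" + BOUNDARY + b"--\r\n"


def split_parts(body):
    """Return each raw body part (part headers + payload) of the body."""
    chunks = body.split(b"--" + BOUNDARY)
    # chunks[0] is the preamble, chunks[-1] is the closing "--" marker
    return [c.strip(b"\r\n") for c in chunks[1:-1]]


def sign(data):
    """HMAC-SHA256 over the given bytes (stand-in for an S/MIME signature)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify(data, sig):
    return hmac.compare_digest(sign(data), sig)


def demo():
    sdp = (b"v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
           b"c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0")
    original = build_multipart([(b"application/sdp", sdp),
                                (b"text/plain", b"priority=normal")])
    part_sig = sign(split_parts(original)[0])   # covers the SDP part only
    body_sig = sign(original)                   # covers the whole body

    # The same message after the second part was altered in transit.
    received = build_multipart([(b"application/sdp", sdp),
                                (b"text/plain", b"priority=urgent")])
    return {
        "part_sig_ok_after_change": verify(split_parts(received)[0], part_sig),
        "body_sig_ok_after_change": verify(received, body_sig),
        "body_sig_ok_unmodified": verify(original, body_sig),
    }


if __name__ == "__main__":
    print(demo())
```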

Open Issue #2

How should a proxy tell a UA to disclose a body while protecting data integrity?

Option 1: A new error response for combined reasons.
Option 2: An existing response with Warning header.
Option 3: Existing responses
  – Instructing a UA one task at a time
  – Causes more messages than Options 1 and 2.

My proposal: Option 2

Next Step

Can you think of any other open issues?
I will update this draft right after this IETF meeting.