Name that User John Elwell Cullen Jennings Venkatesh Venkataramanan

Presentation transcript:

Name that User
John Elwell, Cullen Jennings, Venkatesh Venkataramanan
draft-elwell-sip-state-update-00
draft-jennings-sipping-connected-00
draft-ietf-sipping-qsig2sip-04
RFC 3325

Problem
Need names that User Agents can display to Users
We have a proliferation of identity-related data containers, ways to transport them, times they can be changed, and entities that can change them
No one knows what any of them mean. Most of them are very ill defined.
They don't meet the needs identified

Requirements - Are they right?
Need a way for SIP to indicate the identity of the user at the other end of a session (for both ends)
Identity changes during a call (both in early dialog and in dialog)
Biloxi proxy may know (from mutual TLS) that the call is from Atlanta proxy even though it can't verify it is from Alice. Want transitive trust (like sips URL).
The entity sending believes this information because:
  – It has some way of figuring out it is true
  – It received it from someone it is configured to believe
  – It modified the information to match its belief
Information is subject to Privacy
Works even if user does not have a certificate. Not every user has a certificate. If they did, not everyone else could get it. If they could, what it asserts may not be useful.

Can changing To/From work?
Allow Proxy to change To/From
Add tag to indicate trust?
Allowing this to change would break 2543 transaction matching.
  – Does this matter?

What about a Name header?
Add a new header called Name with clearly defined semantic meaning
Can be in Request or Response
Represents identity of sender of message
Can be changed/added/deleted by Proxy
Privacy ID applies to it (like From/To)
Has flag to indicate it is not trusted?
Use UPDATE with no SDP to change mid dialog.

Does PAI meet the requirements?
Write extensions to semantics and meaning of PAI to extend it to meet the needs
Has a really difficult problem
  – PAI is removed as you pass into a new 3325 trust domain
[Diagram: Trust Dom A and Trust Dom B, with nodes A, B, C, D]
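The trust-domain problem on this slide, modelled as an added example (not part of the original presentation). It assumes nodes A and B sit in Trust Dom A and C and D in Trust Dom B, which the flattened diagram does not state; the header values are constructed sample data.

```python
# Added illustration of P-Asserted-Identity (PAI) handling at RFC 3325
# trust-domain edges. Node placement and header values are assumptions.
PAI = "p-asserted-identity"

# Peers each node treats as inside its own Trust Domain (assumed layout).
TRUST = {"A": {"B"}, "B": {"A"}, "C": {"D"}, "D": {"C"}}

# Constructed headers as held by node A after it asserted the caller.
SAMPLE = [
    ("From", "<sip:anonymous@anonymous.invalid>;tag=1928"),
    ("To", "<sip:bob@biloxi.example>"),
    ("P-Asserted-Identity", "<sip:alice@atlanta.example>"),
]

def privacy_tokens(headers):
    """Collect the ';'-separated priv-values of every Privacy header."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "privacy":
            tokens.update(t.strip().lower() for t in value.split(";"))
    return tokens

def has_pai(headers):
    return any(name.lower() == PAI for name, _ in headers)

def strip_pai(headers):
    return [(n, v) for n, v in headers if n.lower() != PAI]

def forward(node, next_hop, headers):
    """Sending side: 'Privacy: id' requires PAI removal before the
    message goes to a node outside the sender's Trust Domain."""
    if next_hop in TRUST[node] or "id" not in privacy_tokens(headers):
        return headers  # keeping PAI without a Privacy header is local policy
    return strip_pai(headers)

def receive(node, sender, headers):
    """Receiving side: PAI from outside the receiver's Trust Domain is
    not an assertion it can rely on, so it is dropped (the slide's point)."""
    return headers if sender in TRUST[node] else strip_pai(headers)

def walk(path, headers):
    """Carry the headers hop by hop; return what the last node holds."""
    for cur, nxt in zip(path, path[1:]):
        headers = receive(nxt, cur, forward(cur, nxt, headers))
    return headers

if __name__ == "__main__":
    print("B sees PAI:", has_pai(walk(["A", "B"], SAMPLE)))
    print("D sees PAI:", has_pai(walk(["A", "B", "C", "D"], SAMPLE)))
```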

Non-Solutions
SipFrag
  – Can't be added, changed, by proxy
  – Solutions where proxy tells UA to add a body might work
S/MIME
  – Can't have GW have certificates for all PSTN users.
  – No way to get the certificates to make this work

Recommendation
Clean up the Name mess.
Provide guidance on which of the many identities a UA receives it might want to display to a User.
Clarify using Update/Re-Invite in dialog