IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,

Slides:

Advertisements

Similar presentations

The leader in session border control for trusted, first class interactive communications.

Advertisements

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.

Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

Sip Traversal Required for Applications to Work (STRAW) WG Proposal straw-man: Hadriel Kaplan.

STRAW IETF#84, Vancouver, Canada Victor Pascual Christer Holmberg.

1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg.

Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

Media Description for IKE in SDP draft-saito-mmusic-sdp-ike-01 Makoto Saito Dan Wing

SIP Security Matt Hsu.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.

Early Media in SIP: Problem Statement, Requirements, and Analysis of Solutions draft-barnes-sip-em-ps-req-sol Richard Barnes BBN Technologies IETF 68,

SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.

DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

Sip Traversal Required for Applications to Work (STRAW) WG Proposal straw-man: Hadriel Kaplan.

March 10, 2008SIPPING WG IETF-711 Secure Media Recording and Transcoding with the Session Initiation Protocol draft-wing-sipping-srtp-key-03 Dan Wing Francois.

Eugene Chang EMU WG, IETF 70

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 4 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

1 A Path Forward on Identity Agreement on a problem space –We all agree that E.164 numbers don’t work well with RFC4474 –Less agreement about the requirements.

1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.

Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

1 R 255 G 211 B 8 R 255 G 175 B 0 R 127 G 16 B 162 R 163 G 166 B 173 R 137 G 146 B 155 R 175 G 0 B 51 R 52 G 195 B 51 R 0 G 0 B 0 R 255 G 255 B 255 Primary.

Moving RFC 6193 to Proposed Standard MMUSIC – IETF 81 – Quebec City July 2011 Makoto Saito, Dan Wing, Masashi Toyama,

November 2005IETF64 - ECRIT1 Emergency Service Identifiers draft-ietf-sipping-sos-01 draft-schulzrinne-sipping-service-01 Henning Schulzrinne Columbia.

7/6/20061 Speermint Use Case for Cable IETF 66 Yiu L. Lee JULY 2006.

1 SPEERMINT Use Cases for Cable IETF 66 Montreal 11 JULY 2006 Presented by Yiu L. Lee.

© 2013 Cisco System Inc. All rights reserved Cisco Confidential 1 © 2013 Cisco System Inc. All rights reserved. 1 February 14, 2014 Unity Connection Legal.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

IETF70, Vancouver, December 2007draft-wing-sipping-srtp-key-021 Disclosing Secure RTP (SRTP) Session Keys draft-wing-sipping-srtp-key-02 Dan Wing,

Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-09) Leon Portman Henry Lum

1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.

Draft-ietf-sip-dtls-srtp-framework-00 IETF 70 Vancouver.

1 SIP Requirements for SRTP Keying Dan Wing IETF 66 v4.

STIR In-Band Signature Transport draft-kaplan-stir-ikes-out-00 Hadriel Kaplan.

1 Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing.

SIP Performance Benchmarking draft-ietf-bmwg-sip-bench-term-01 draft-ietf-bmwg-sip-bench-meth-01 March 22, 2010 Prof. Carol Davids, Illinois Inst. of Tech.

Interactive Connectivity Establishment : ICE

IETF 831 Chairs: Flemming Andreasen Miguel A. Garcia.

RFC3261 (Almost) Robert Sparks. SIPiT 10 2 Status of the New SIP RFC Passed IETF Last Call In the RFC Editor queue Author’s 48 hours review imminent IMPORTANT:

Name that User John Elwell Cullen Jennings Venkatesh Venkataramanan

1 Media Session Authorization Dan Wing draft-wing-session-auth-00.txt.

GIN with Literal AoRs for SIP in SSPs (GLASS) draft-kaplan-martini-glass-00 Hadriel Kaplan.

1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.

Andrew Allen ROUTING OUT OF DIALOG REQUESTS draft-allen-dispatch-routing-out-of-dialog-request-01 Dispatch IETF 92 March 23 rd 2015.

1 Connectivity Preconditions for SDP Media Stream draft-andreasen-mmusic-connectivityprecondition-00.txt March 3, 2004 Flemming Andreasen

Dan Wing IETF83 - March 2012 RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past.

Request History Capability – Requirements & Solution

Transcoding Framework

Session Initiation Protocol (SIP)

SIP Identity issues John Elwell, Jonathan Rosenberg et alia

Session-ID Requirements at IETF83

Ron Shacham Henning Schulzrinne Srisakul Thakolsri Wolfgang Kellerer

Transcoding Framework

Change Proposals for SHAKEN Documents

RFC Verifier Behavior Step 4: Check the Freshness of Date

Presentation transcript:

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing, Hadriel Kaplan,

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-012 IPR Notice Cisco has claimed IPR on this technique

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-013 Motivation: SBCs Break SIP-Identity (RFC4474) Signatures RFC4474 signs the SIP body –including SDP SBCs rewrite SDP (m=/c= lines) Requirement Identity should survive rewriting of SDP

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-014 Retaining Identity SIP-Identity-Media retains the originating domain’s signature Works with SBCs that modify SDP SIP-Identity-Media SIP-Identity (RFC4474)

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-015 Diagram of Operation Domain A Domain B Service Provider(s) 1. Sign user’s identity 2. Validate signature 3. Perform ICE, TLS, DTLS-SRTP, or HIP on media path SBC SIP Proxy SBC

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-016 Call Flow Domain-A Domain-B Auth. Auth. Endpoint-A Service SBCs Service Endpoint-B | | | | | 1. |--Invite->| | | | 2. | sign | | | 3. | |-Invite-->|-Invite-->| | 4. | | | validate | 5. | | | | >| 6. | | 7. | | | | validate 8. | | | | ring phone | | | | |

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-017 Questions draft-wing-sip-identity-media-01 Dan Wing, Hadriel Kaplan,

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-018 Backup Slides

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-019 Technical Differences from SIP-Identity (RFC4474) Replay protection requires running ICE (with extension), DTLS-SRTP, TLS, or HIP –On endpoint or domain-operated SBC –Firewalls or SBCs may block media path until ‘200 Ok’ Avoids public key operations for intermediate domains (service providers) Endpoint does a public key operation –Might already be doing it (DTLS-SRTP, HIP)