Presentation is loading. Please wait.

Presentation is loading. Please wait.

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,

Published byNaomi Justina Curtis Modified over 9 years ago

Similar presentations

Presentation on theme: "IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,"— Presentation transcript:

1 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing, dwing@cisco.com Hadriel Kaplan, hkaplan@acmepacket.com

2 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-012 IPR Notice Cisco has claimed IPR on this technique http://www1.ietf.org/ietf/IPR/cisco-ipr-draft-wing-sip-identity-media-00.txt

3 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-013 Motivation: SBCs Break SIP-Identity (RFC4474) Signatures RFC4474 signs the SIP body –including SDP SBCs rewrite SDP (m=/c= lines) Requirement Identity should survive rewriting of SDP

4 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-014 Retaining Identity SIP-Identity-Media retains the originating domain’s signature Works with SBCs that modify SDP SIP-Identity-Media dwing@cisco.com +14085255314@cisco.com SIP-Identity (RFC4474) dwing%cisco.com@sp1.example.com +14085255314@sp1.example.net +14085255314@sp2.example.net

5 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-015 Diagram of Operation Domain A Domain B Service Provider(s) 1. Sign user’s identity dwing@cisco.com +14085551212@cisco.com 2. Validate signature 3. Perform ICE, TLS, DTLS-SRTP, or HIP on media path SBC SIP Proxy SBC

6 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-016 Call Flow Domain-A Domain-B Auth. Auth. Endpoint-A Service SBCs Service Endpoint-B | | | | | 1. |--Invite->| | | | 2. | sign | | | 3. | |-Invite-->|-Invite-->| | 4. | | | validate | 5. | | | |-------->| 6. | | 7. | | | | validate 8. | | | | ring phone | | | | |

7 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-017 Questions draft-wing-sip-identity-media-01 Dan Wing, dwing@cisco.com Hadriel Kaplan, hkaplan@acmepacket.com

8 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-018 Backup Slides

9 IETF70, Vancouver, December 2007draft-wing-sip-identity-media-019 Technical Differences from SIP-Identity (RFC4474) Replay protection requires running ICE (with extension), DTLS-SRTP, TLS, or HIP –On endpoint or domain-operated SBC –Firewalls or SBCs may block media path until ‘200 Ok’ Avoids public key operations for intermediate domains (service providers) Endpoint does a public key operation –Might already be doing it (DTLS-SRTP, HIP)

Download ppt "IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,"

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
www.dynamicsoft.com U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP 2000-05-10-00 SIP Security Jonathan Rosenberg Chief Scientist.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.

Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.
Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Sip Traversal Required for Applications to Work (STRAW) WG Proposal straw-man: Hadriel Kaplan.

Sip Traversal Required for Applications to Work (STRAW) WG Proposal straw-man: Hadriel Kaplan.
STRAW IETF#84, Vancouver, Canada Victor Pascual Christer Holmberg.

STRAW IETF#84, Vancouver, Canada Victor Pascual Christer Holmberg.
1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg.

1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg.
Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.

Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Media Description for IKE in SDP draft-saito-mmusic-sdp-ike-01 Makoto Saito Dan Wing

Media Description for IKE in SDP draft-saito-mmusic-sdp-ike-01 Makoto Saito Dan Wing
SIP Security Matt Hsu.

SIP Security Matt Hsu.
Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.
Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.

Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

Similar presentations

Ads by Google