Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

Published byChristian Jeffrey Modified over 9 years ago

Similar presentations

Presentation on theme: "SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair."— Presentation transcript:

1 SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair

2 Very Brief description of SIP Rendezvous protocol can “go direct” or use proxies/intermediaries register Contacts to an Address of Record discover appropriate Contacts setup sessions by exchanging offers and answers SIP-specific subscribes and notifies text-based (looks sorta like HTTP + email) –INVITE sip:rohan@cisco.com SIP/2.0 –SIP/2.0 200 OK / 404 Not Found / etc... carries direct or indirect MIME content

3 State of SIP security Digest used for user authentication end-to-end or end-to-middle TLS used for hop-by-hop server authentication, encryption, integrity, and optional mutual auth (TLS with RSA, AES128_CBC, SHA1) optional IPsec for hop-by-hop encryption and integrity S/MIME for end-to-end encryption and integrity media (ex: RTP audio, game, chat) SIP signaling

4 Good reasons for Object security in SIP Verifying you are still talking to the same person you started talking with (even if they are otherwise anonymous) SIP for Instant Messaging SIP between telephone network devices 3rd-party identity assertions for folks you authenticated some other way (possibly on a per call basis)

5 History: SIP uses S/MIME Mar 1999: RFC-2543 (SIP) published as PS. specs PGP for end-to- end security. about 3 early implementations, none worked together (badly underspecified, lots of implicit behavior) Nov 2001: Numerous requests for Digest enhancements (including some body integrity stuff (see draft-undery-sip-auth-01.txt) Dec 2001: PGP Deprecated by SIP WG Jan 2002: IESG requests addition of S/MIME to SIP spec Feb/Jun 2002: RFC-3261 specs S/MIME for end-to-end security, provides much more motivational text, (ex: optional usage with self- signed certs), still underspecified Mar 2002: draft-peterson-sip-identity-00.txt adopted as WG item. Uses S/MIME for 3rd party assertion of identity. Oct 2002: draft-peterson-sip-smime-aes-00.txt proposes update/tighter spec of SIP S/MIME. Uses AES. Nov 2002: draft-mahy-sipping-smime-vs-digest-00.txt discusses shared-key signing issues.

6 What does SIP community want from S/MIME? Advice from the horse’s mouth Help with S/MIME/CMS implementations ;-) –not SIP community’s core competence to add stuff to S/MIME or CMS libraries Unification of end-to-end/end-to-middle authentication, or not… (we use Digest and S/MIME now) SIMPLE needs sessions of messages. should we use S/MIME for this? might need shared key authentication for this. Lots of stuff we want to do with 3rd party assertions: use signed “assertion” documents, or attribute certs, something else?

7 References RFC 3261 draft-ietf-sip-identity-00.txt draft-ietf-sip-authid-body-00.txt draft-mahy-sipping-smime-vs-digest-00.txt draft-peterson-sip-smime-aes-00.txt draft-ietf-sip-referredby-00.txt draft-ietf-sip-privacy-general-01.txt draft-undery-sip-auth-01.txt http://www.softarmor.com/sipwg/ http://www.softarmor.com/sipping/

Download ppt "SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair."

Similar presentations

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.
SIP, Presence and Instant Messaging

SIP, Presence and Instant Messaging
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Presence and IM as SIP Services Jonathan Rosenberg Chief Scientist.

Presence and IM as SIP Services Jonathan Rosenberg Chief Scientist.
SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com Fall IM 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

Fall IM 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
www.dynamicsoft.com IM 2000 -- May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
www.dynamicsoft.com VON Europe 2000 -- 06/19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.

VON Europe /19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.

IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.
© 2006 NEC Corporation - Confidential age 1 November 2008 - 1 SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.

© 2006 NEC Corporation - Confidential age 1 November SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.
Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt

Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt
Adding SASL to HTTP/1.1 draft-nystrom-http-sasl-07.txt Magnus Nyström, RSA Security Alexey Melnikov, Isode Limited

Adding SASL to HTTP/1.1 draft-nystrom-http-sasl-07.txt Magnus Nyström, RSA Security Alexey Melnikov, Isode Limited
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
Jabber and Extensible Messaging and Presence Protocol (XMPP) Presenter: Michael Smith Cisc 856 Dec. 6, 2005.

Jabber and Extensible Messaging and Presence Protocol (XMPP) Presenter: Michael Smith Cisc 856 Dec. 6, 2005.
Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.
Service Identification Jonathan Rosenberg Cisco. Agenda Service Identification Architecture draft (draft-rosenberg-sipping-service- identification) Media.

Service Identification Jonathan Rosenberg Cisco. Agenda Service Identification Architecture draft (draft-rosenberg-sipping-service- identification) Media.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

Similar presentations

Ads by Google