SIP Digest Access Authentication
Rifaat Shekh-Yusef
IETF 89, SIPCore WG, London
March 6, 2014

Presentation transcript:


Algorithms Agility
New Algorithms
  – SHA-256
  – SHA-512/256
IANA Registry
  – HTTP Digest Hash Algorithms Registry

“HTTP Digest Hash Algorithms” Registry
Columns: Hash Algorithm, Digest Size, Preference, Reference
  MD RFC XXXX
  SHA RFC XXXX
  SHA RFC XXXX
Update Policy: Specification Required

Forking
Forking Proxy
  – Aggregates challenges into a single response.
  – Multiple challenges should be differentiated by the realm.
  – Multiple challenges might belong to the same realm. Can these challenges use different algorithms?
UAC
  – Provides authorization for each realm using the top/preferred algorithm.

Forking Backward Compatibility
Option 1
  – Resource Proxy: Algorithms in order of preference
  – Forking Proxy: Must maintain order
  – UAC: Select the top algorithm per realm
Option 2
  – Resource Proxy: Algorithms in no particular order
  – Forking Proxy: Order is not significant
  – UAC: Select the most preferred algorithm per realm, as defined in the IANA Registry.
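The two options on the Forking slides, written out as UAC selection logic. This is an added example, not code from the presentation or the draft; the preference ranks, realm names and challenge lists are constructed assumptions, since the registry's preference values are not legible on this page.

```python
# Assumed ranks (higher = more preferred); the registry's real values are not on the page.
ASSUMED_PREFERENCE = {"MD5": 1, "SHA-256": 2, "SHA-512/256": 3}

def group_by_realm(challenges):
    """challenges: list of (realm, algorithm) pairs in the order the UAC received them."""
    by_realm = {}
    for realm, algorithm in challenges:
        by_realm.setdefault(realm, []).append(algorithm)
    return by_realm

def select_option1(challenges):
    """Option 1: order is significant, so the first algorithm listed per realm wins."""
    return {realm: algs[0] for realm, algs in group_by_realm(challenges).items()}

def select_option2(challenges, preference=ASSUMED_PREFERENCE):
    """Option 2: order is ignored; the highest-ranked known algorithm per realm wins.
    Algorithms the UAC does not know are skipped; a realm with none is left out."""
    chosen = {}
    for realm, algs in group_by_realm(challenges).items():
        known = [a for a in algs if a in preference]
        if known:
            chosen[realm] = max(known, key=preference.get)
    return chosen

# Constructed input: two resource proxies share realm a.example.com, one owns b.example.com.
AS_SENT = [("a.example.com", "SHA-256"), ("a.example.com", "MD5"),
           ("b.example.com", "MD5")]
# The same challenges after a forking proxy aggregated them in a different order.
REORDERED = [("a.example.com", "MD5"), ("b.example.com", "MD5"),
             ("a.example.com", "SHA-256")]

if __name__ == "__main__":
    for label, received in (("as sent", AS_SENT), ("reordered", REORDERED)):
        print(label, select_option1(received), select_option2(received))
```

Under Option 1 the reordered aggregate makes the UAC answer a.example.com with MD5 instead of SHA-256, which is why that option requires the forking proxy to maintain order; Option 2 gives the same result for both inputs.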

QoP Backward Compatibility
RFC 3261, Section 22.4, bullet 8:
  Use of the "qop" parameter is optional in RFC 2617 for the purposes of backwards compatibility with RFC 2069; since RFC 2543 was based on RFC 2069, the "qop" parameter must unfortunately remain optional for clients and servers to receive. However, servers MUST always send a "qop" parameter in WWW-Authenticate and Proxy-Authenticate header field values. If a client receives a "qop" parameter in a challenge header field, it MUST send the "qop" parameter in any resulting authorization header field.
RFC H ( H(A1) | nonce | nc | cnonce | qop | H(A2) )
RFC H ( H(A1) | nonce | H(A2) )
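The two response computations on the QoP slide, as an added example that is not part of the presentation: the form with qop is the RFC 2617 computation, the form without it is the older one RFC 2069 clients produce, and the slide's "|" stands for the ":" separator used on the wire. The inputs are the published RFC 2617 section 3.5 test vector (an HTTP GET; a SIP request would carry its own method and a SIP URI), and `server_verify` is a hypothetical helper showing a server that offered qop refusing the older form.

```python
import hashlib
import hmac

# SHA-512/256 is left out because not every hashlib build exposes it.
HASHES = {"MD5": "md5", "SHA-256": "sha256"}

def H(text, algorithm):
    return hashlib.new(HASHES[algorithm], text.encode("utf-8")).hexdigest()

def digest_response(cred, req, nonce, algorithm="MD5", qop=None, nc=None, cnonce=None):
    """cred = (username, realm, password); req = (method, digest-uri)."""
    ha1 = H(":".join(cred), algorithm)
    ha2 = H(":".join(req), algorithm)
    if qop is None:
        # Form without qop: H( H(A1) | nonce | H(A2) )
        return H(f"{ha1}:{nonce}:{ha2}", algorithm)
    if qop != "auth" or not nc or not cnonce:
        raise ValueError("only qop=auth is handled, and it needs nc and cnonce")
    # Form with qop: H( H(A1) | nonce | nc | cnonce | qop | H(A2) )
    return H(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}", algorithm)

def server_verify(cred, req, nonce, algorithm, offered_qop, auth):
    """auth: already-parsed Authorization parameters (dict).
    A server that offered qop refuses a response computed without it."""
    if offered_qop and auth.get("qop") != offered_qop:
        return False
    try:
        expected = digest_response(cred, req, nonce, algorithm,
                                   auth.get("qop"), auth.get("nc"), auth.get("cnonce"))
    except ValueError:
        return False
    return hmac.compare_digest(expected, auth.get("response", ""))

# Published test vector from RFC 2617, section 3.5.
CRED = ("Mufasa", "testrealm@host.com", "Circle Of Life")
REQ = ("GET", "/dir/index.html")
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"

def demo():
    with_qop = digest_response(CRED, REQ, NONCE, "MD5", "auth", "00000001", "0a4f113b")
    without_qop = digest_response(CRED, REQ, NONCE, "MD5")
    accepted = server_verify(CRED, REQ, NONCE, "MD5", "auth",
        {"qop": "auth", "nc": "00000001", "cnonce": "0a4f113b", "response": with_qop})
    downgraded = server_verify(CRED, REQ, NONCE, "MD5", "auth", {"response": without_qop})
    return with_qop, without_qop, accepted, downgraded

if __name__ == "__main__":
    print(demo())
```

The form without qop has no nc or cnonce input, so its value is identical for every request that reuses the same nonce, method and URI.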

Feedback?
  – Forking
  – QoP Backward Compatibility
  – WG adoption