RTSP 2.0 TLS handling. Magnus Westerlund. draft-ietf-mmusic-rfc2326bis-12

Presentation transcript:

IETF 65 - TLS WG

Real-Time Streaming Protocol
• Signalling protocol for controlling streaming sessions, i.e. the network remote control.
• Media normally goes in its own transport session over UDP. The exception is the interleaved mode, which is a last-resort fallback solution.
• Has an "rtsps" URI scheme to indicate the requirement to use TLS-protected signalling.
• Normal TLS usage is defined in section 18.2.
• Uses the guidelines from RFC 2818.

RTSP and Proxies
• Some environments require proxies:
  – Firewalls need to open pinholes for the media
  – Logging or content filtering of some media content
• Many of these cases can accept a trust model where the proxy is trusted. This is due to the close association with it, like your company's.
• Defined a mechanism for handling multiple TLS hops by either:
  1. having the proxy relay the next-hop server certificate to the client and having the client approve the certificate
  2. letting the proxy determine which certificates to accept
  3. accepting any certificate (debugging only)

TLS connect walkthrough
1. Client connects with TLS and sends the request to the proxy.
2. Proxy connects with TLS to the server and gets the server-side certificate.
3. Proxy responds to the request with 470 (Connection Authorization Required) and includes the certificate.
4. Client checks the certificate and accepts it by including a hash of the certificate and the proxy URI in the Accept-Credentials header, then resends the request.
5. Proxy matches the hash with the connection and forwards the request in TLS.
[Diagram: Client, Proxy, Server]

Open Issue in Accept-Credentials
• The Accept-Credentials header is sent as part of the request when needed.
• Each entry within the Accept-Credentials header has an intended proxy.
• Should that proxy remove the entry intended for itself before forwarding the request?
• Doing the above procedure rather than having them go end to end would:
  – Reduce bandwidth in requests
  – Slightly increase processing load
  – Hide earlier TLS hops from later RTSP agents
  – The Via header shows the route; however, it allows for a proxy to hide topology
• Any security implications?
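Added example (not from the slides or the draft): the proxy-side check from steps 3 and 5 of the TLS connect walkthrough, run over a two-proxy chain with and without the entry stripping raised in the open issue. The entry layout `"<proxy-uri>";sha-256;<base64 hash>`, the choice of SHA-256, the example.com URIs and the certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def cert_hash(der: bytes) -> str:
    """Base64 of SHA-256 over the certificate bytes (hash choice is an assumption)."""
    return base64.b64encode(hashlib.sha256(der).digest()).decode()

def parse_entries(value: str) -> dict:
    """Parse the assumed layout "<proxy-uri>";sha-256;<hash>, ... into {uri: hash}.
    Simplification: URIs containing ',' or ';' are not supported."""
    entries = {}
    for item in value.split(","):
        parts = item.strip().split(";")
        if len(parts) == 3 and parts[1] == "sha-256":
            entries[parts[0].strip('"')] = parts[2]
    return entries

def format_entries(entries: dict) -> str:
    return ", ".join(f'"{uri}";sha-256;{digest}' for uri, digest in entries.items())

def proxy_handle(own_uri, headers, next_hop_cert, strip_own_entry):
    """Proxy side of steps 3 and 5. Returns ("470", cert) or ("forward", headers)."""
    entries = parse_entries(headers.get("Accept-Credentials", ""))
    approved = entries.get(own_uri, "").encode()
    if not hmac.compare_digest(approved, cert_hash(next_hop_cert).encode()):
        # Step 3: no matching approval, so nothing is forwarded; the client
        # gets the next hop's certificate to inspect.
        return "470", next_hop_cert
    forwarded = dict(headers)  # step 5: hash matches this connection
    if strip_own_entry:        # the open issue: drop the entry meant for us
        del entries[own_uri]
        forwarded.pop("Accept-Credentials")
        if entries:
            forwarded["Accept-Credentials"] = format_entries(entries)
    return "forward", forwarded

# Constructed sample data: hypothetical URIs and stand-ins for DER certificate bytes.
P1, P2 = "rtsps://proxy1.example.com/", "rtsps://proxy2.example.com/"
P2_CERT, SERVER_CERT = b"constructed-proxy2-cert", b"constructed-server-cert"

def walk_chain(strip_own_entry):
    """Client pre-approves both hops; return the headers seen by P2 and by the server."""
    approvals = {P1: cert_hash(P2_CERT), P2: cert_hash(SERVER_CERT)}
    headers = {"CSeq": "2", "Accept-Credentials": format_entries(approvals)}
    _, at_p2 = proxy_handle(P1, headers, P2_CERT, strip_own_entry)
    _, at_server = proxy_handle(P2, at_p2, SERVER_CERT, strip_own_entry)
    return at_p2, at_server

if __name__ == "__main__":
    for strip in (True, False):
        print(strip, walk_chain(strip))
```

With stripping, the server receives no Accept-Credentials entries at all; without it, the server sees both proxy URIs and the hash of proxy2's certificate.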

Request for Review
• Document is getting close to WG last call in the MMUSIC WG.
• Want a review of the security mechanisms before that, to avoid late surprises.
• Please review section 18 and send comments to the authors and the MMUSIC WG.