Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal for Change/Improvments in STIR/SHAKEN Technical Report on SHAKEN APIs for a Centralized Signing and Signature Validation Server.

Published byΜέλαινα Μάγκας Modified over 5 years ago

Similar presentations

Presentation on theme: "Proposal for Change/Improvments in STIR/SHAKEN Technical Report on SHAKEN APIs for a Centralized Signing and Signature Validation Server."— Presentation transcript:

1 Proposal for Change/Improvments in STIR/SHAKEN Technical Report on SHAKEN APIs for a Centralized Signing and Signature Validation Server

2 “iat” Content “iat” is “issued at” Claim RFC7519 JSON Web Token (JWT )
It pertains to PASSPorT token, i.e. it needs to contain the time when it is constructed RFC7519 JSON Web Token (JWT ) Arguably the “most authorative” specification regarding “iat” content "iat" (Issued At) Claim The "iat" (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL. This text clearly states that “iat” should be populated with the generation time of JWS. 6.1 Datatype: signingRequest “Issued At Claim”: Should be set to the date and time of issuance of the PASSporT Token. This is how it should to be populated. 8.1.1 Functional Behavior The “iat” parameter is populated using the “Date” header field in the SIP Invite. If there is no “Date” header field in the SIP Invite, a Date header field is added to the SIP INVITE. Contradicts RFC7519 and 6.1 RFC8244 also needs to be modified regarding content of “iat” Start of session (which Date header is based on) and PASSPorT generation are temporarily not necessarily close Example: PASSPorT generated just before session is routed to a partner network after announcement/digit collection This could introduce a non-negligible artificial drift and cause freshness check issues during validation

3 STI-AS/VS Overload A signing/verification request associated with a real time session setup procedure needs to complete in a given time frame. Current HTTP overload control relies on using 503 with a Retry-After header indicating for how long no request should be sent to a server. This, although sufficient for certain applications, does not always provide satisfactory results as it allows only binary control of the load following a step function pattern. TCP congestion window does not address this issue either as it does not allow an application direct control and is impacted by network conditions like latency, jitter, packet loss. A mechanism is needed to efficiently deal with sTO-AS/VS overload Similar phenomena is observed for other protocols as well. For example, for SIP the issue is addressed by defining a specific mechanism in RFC 7339 Same overall strategy can be used for HTTP as well Server indicates “drop rate” in 503 responses Work in progress and needs improvements, e.g. clarification about scope, retrying requests, introducing “validity time” parameter.

4

Download ppt "Proposal for Change/Improvments in STIR/SHAKEN Technical Report on SHAKEN APIs for a Centralized Signing and Signature Validation Server."

Similar presentations

Introduction. 2 What Is SmartFlow? SmartFlow is the first application to test QoS and analyze the performance and behavior of the new breed of policy-based.

Introduction. 2 What Is SmartFlow? SmartFlow is the first application to test QoS and analyze the performance and behavior of the new breed of policy-based.
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May
July 30, 2010SIPREC WG1 SIP Call Control - Recording Extensions draft-johnston-siprec-cc-rec-00 Alan Johnston Andrew Hutton.

July 30, 2010SIPREC WG1 SIP Call Control - Recording Extensions draft-johnston-siprec-cc-rec-00 Alan Johnston Andrew Hutton.
Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.
CS 218 F 2003 Nov 3 lecture:  Streaming video/audio  Adaptive encoding (eg, layered encoding)  TCP friendliness References: r J. Padhye, V.Firoiu, D.

CS 218 F 2003 Nov 3 lecture:  Streaming video/audio  Adaptive encoding (eg, layered encoding)  TCP friendliness References: r J. Padhye, V.Firoiu, D.
RTSP Real Time Streaming Protocol

RTSP Real Time Streaming Protocol
Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.

Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.
MobiQuitous 2004Kimaya Sanzgiri Leveraging Mobility to Improve Quality of Service in Mobile Networks Kimaya Sanzgiri and Elizabeth Belding-Royer Department.

MobiQuitous 2004Kimaya Sanzgiri Leveraging Mobility to Improve Quality of Service in Mobile Networks Kimaya Sanzgiri and Elizabeth Belding-Royer Department.
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
1 Ethics of Computing MONT 113G, Spring 2012 Session 8 The Internet HTML.

1 Ethics of Computing MONT 113G, Spring 2012 Session 8 The Internet HTML.
1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.

1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Performance of HTTP Application in Mobile Ad Hoc Networks Asifuddin Mohammad.

Performance of HTTP Application in Mobile Ad Hoc Networks Asifuddin Mohammad.
IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.

IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.
Module 10: How Middleboxes Impact Performance

Module 10: How Middleboxes Impact Performance
All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Alec Brusilovsky, Zhibi Wang Alcatel-Lucent, July 24, 2007.

All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Alec Brusilovsky, Zhibi Wang Alcatel-Lucent, July 24, 2007.
SIP working group IETF#70 Essential corrections Keith Drage.

SIP working group IETF#70 Essential corrections Keith Drage.
SIP Performance Benchmarking draft-ietf-bmwg-sip-bench-term-01 draft-ietf-bmwg-sip-bench-meth-01 March 22, 2010 Prof. Carol Davids, Illinois Inst. of Tech.

SIP Performance Benchmarking draft-ietf-bmwg-sip-bench-term-01 draft-ietf-bmwg-sip-bench-meth-01 March 22, 2010 Prof. Carol Davids, Illinois Inst. of Tech.
CSE5803 Advanced Internet Protocols and Applications (14) 1 14.1 Introduction Developed in recent years, for low cost phone calls (long distance in particular).

CSE5803 Advanced Internet Protocols and Applications (14) Introduction Developed in recent years, for low cost phone calls (long distance in particular).
RESTful Web Services What is RESTful?

RESTful Web Services What is RESTful?

Similar presentations

Ads by Google