Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cullen Jennings Certificate Directory for SIP.

Published byMarilyn Norton Modified over 9 years ago

Similar presentations

Presentation on theme: "Cullen Jennings Certificate Directory for SIP."— Presentation transcript:

1 Cullen Jennings fluffy@cisco.com Certificate Directory for SIP

2 SIP Security depends on S/MIME with user certificates Encryption of SDP (and keys for SRTP) Refer Identity Request History End to Middle? Middle to End? This requires Certificates in the UA’s SIP Security & SMIME

3 Traditional “PKI” certs (like Verisign) Problem: Enrollment difficulty and yearly fee to CA Private CA certs Problem: Only work if all callers have this CA as a trust anchor. Self signed certs Problem: Need a directory to store certs and vouch for them Certificates

4 Way for UAC to locate the directory use domain from AOR Way for the UAC to authenticate the directory use traditional PKI Way to fetch certs HTTPS, LDAPS, other Way to store certs HTTPS, LDAPS, Sacred Way for directory to authenticate the UAS reuse SIP credential (Digest shared secret) Way for the UAC to authenticate the directory use traditional PKI Certificate Directory UACUAS Server 3 12

5 Wrote a draft using the HTTPS options draft-jennings-sipping-certs-01 00 version done before last IETF Several security people have looked at it They believe it works and can be reasonably secure Provides certificates with minimal cost Introduces an extra TLS connection setup to calls with no cached certificate Requires each domain to run an e- commerce style web server Is only as trustable as the server is trustable Does the WG want to solve this problem? Proposal

Download ppt "Cullen Jennings Certificate Directory for SIP."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.

IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.
Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.

PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.

Similar presentations

Ads by Google