[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SIP Identity using Media Path

To: "'SIP Working Group'" <sip@xxxxxxxx>
Subject: SIP Identity using Media Path
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Mon, 2 Jul 2007 11:55:54 -0700
Authentication-results: rtp-dkim-2; header.From=dwing@xxxxxxxxx; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
Cc: <ietf-rtpsec@xxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1716; t=1183402555; x=1184266555; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20SIP=20Identity=20using=20Media=20Path |Sender:=20 |To:=20=22'SIP=20Working=20Group'=22=20<sip@xxxxxxxx>; bh=qAoFSkGTA1TSkN9bT/hwRA2lssmKMTIn0/jCJSl2RhE=; b=CghpsNJtHUIydXnnxfIlBB3pfWJkzNaPcYOMoArGeGAlOHaGzzZ7NC9Rx07cMisRlED2U4NM EbHvh4FvKSvS4QtiMsCxeoja+wAMSBLv257CNAcY5x1JE6vzfSOFRjpF;
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Reply-to: <sip@xxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Ace82p2yNu6lfaNzQcq8BXk5gCIEoQ==

As many of you are aware, the signature created by SIP-Identity
(RFC4474) breaks if an SBC or B2BUA modifies the SDP in the SIP body.
Typically these modifications include changing the m/c lines (to
direct the RTP media through the SBC itself, or through a transcoder),
or performing other adjustments of the SDP to interwork with bugs and
features of other SIP networks or other endpoints.


I just submitted a draft, "SIP Identity using Media Path", which
describes a mechanism that allows RFC4474-like signatures and also
allows SBCs and B2BUAs to modify the message's SDP.  Links to HTML
and plain text versions of the Internet Draft are below.

Abstract:

   The existing SIP identity mechanism (RFC4474) creates a signature
   over the SIP body, including the entire SDP.  As part of their normal
   operation, Session Border Controllers (SBCs) and SIP Back-to-Back
   User Agents (B2BUAs) modify various fields in the SDP, breaking the
   signature.

   This document defines a new mechanism to securely identify the
   originator of a SIP message while also allowing modification of the
   SDP by SBCs and B2BUAs.  This new mechanism creates a signature over
   certain SIP headers and certain SDP lines.  Proof of identity over
   the media path using DTLS, TLS, HIP, and an extension to ICE are
   described.

Please send comments on this draft to the SIP mailing list at
sip@xxxxxxxxx

-d

-----

HTML version: 
http://tinyurl.com/25539z
http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-sip-identity-med
ia-00.html

plain text version: 
http://tinyurl.com/2gldnv
http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-sip-identity-med
ia-00.txt

Follow-Ups:
- RE: [Sip] SIP Identity using Media Path
  - From: Elwell, John
- RE: [Sip] SIP Identity using Media Path
  - From: Christer Holmberg (JO/LMF)

Prev by Date: RE: Media Security Requirements Draft: New Requirement
Next by Date: RE: [Sip] SIP Identity using Media Path
Previous by thread: IVR/CallingCard scenario
Next by thread: RE: [Sip] SIP Identity using Media Path
Index(es):
- Date
- Thread