[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sip] SIP Identity using Media Path

To: "'Elwell, John'" <john.elwell@xxxxxxxxxxx>, <sip@xxxxxxxx>
Subject: RE: [Sip] SIP Identity using Media Path
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Wed, 4 Jul 2007 01:45:34 -0700
Authentication-results: rtp-dkim-1; header.From=dwing@xxxxxxxxx; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
Cc: <ietf-rtpsec@xxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1955; t=1183538736; x=1184402736; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20[Sip]=20SIP=20Identity=20using=20Media=20Path |Sender:=20 |To:=20=22'Elwell,=20John'=22=20<john.elwell@xxxxxxxxxxx>,=20<sip@xxxxxxx g>; bh=IzxIaa6I/3YyMVq6xlET2NNro8wuDD6Yo4tYjfQrHTw=; b=ryTAmKLavQlLxYEi+2ZwXaVGMGI2h+aefkpQwbMOaPqMf7ItqTXHVrCh7YfM2Zx5NLPGPWV8 kASMynN5BzqLFF1pZdlInfz4afWEu+2rbKa+iEHZVh2dvSivWzw1djZi;
In-reply-to: <0D5F89FAC29E2C41B98A6A762007F5D019F2FA@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Ace82p2yNu6lfaNzQcq8BXk5gCIEoQBMzNngAAHQ63A=

> The mechanism described for ICE seems to provide an 
> alternative to ICE's
> password-based mechanism for correlating binding requests with
> offer-answer exchanges.

It's not an alternative to ICE's username and password; the new 
attributes (PK-CHALLENGE, PK-RESPONSE) would be used in addition 
to the existing STUN attributes used by ICE's connectivity
checks.  The ICE username/password would still be used for
message integrity and to associate a flow with an endpoint's
SDP answer.

> I have not seen any motivation for this
> alternative.

The motivation is proving you know the private key 
associated with the public key.  It's only after that
proof that you can be assured the Invite wasn't captured
by an attacker, had its SDP replaced with the attacker's
IP address, and replayed to you.

All of the proof of identity techniques described in the
paper exchange a public key over the media path (HIP, DTLS-SRTP,
TLS) or in the SIP signaling path (ICE).  Then, over the media 
path, the remote party proves he knows the private key 
associated with that public key.  This proof of knowledge of
the private key is part of the handshake for HIP, DTLS,
and TLS; what the paper does is describe how ICE can do 
something similar.  The primary purpose of ICE in that
family of proof of identity techniques is to provide a 
modicum of SBC-survivable identity if RTP (or SRTP 
with Security Descriptions) is used.  Things are obviously
much more secure if DTLS-SRTP, TLS, or HIP are used,
as this ensures nothing is going to inject RTP packets
into the stream; using RTP can't ensure that.


(Crypto experts will point out there is a mafia fraud 
attack problem with the ICE technique as described 
in the paper.  That is true, but if you're not going 
to run SRTP using a secure keying mechanism you're 
suffering the same risk of someone injecting RTP into
your stream as the mafia fraud attack.)

-d

Follow-Ups:
- RE: [Sip] SIP Identity using Media Path
  - From: Elwell, John

References:
- RE: [Sip] SIP Identity using Media Path
  - From: Elwell, John

Prev by Date: RE: [Sip] SIP Identity using Media Path
Next by Date: RE: [Sip] SIP Identity using Media Path
Previous by thread: RE: [Sip] SIP Identity using Media Path
Next by thread: RE: [Sip] SIP Identity using Media Path
Index(es):
- Date
- Thread