Cullen Jennings - PowerPoint PPT Presentation

1 / 5
About This Presentation
Title:

Cullen Jennings

Description:

Cullen Jennings. fluffy_at_cisco.com. Certificate Directory for SIP. SIP Security depends on S/MIME with user certificates. Encryption of SDP (and keys for SRTP) ... – PowerPoint PPT presentation

Number of Views:19
Avg rating:3.0/5.0
Slides: 6
Provided by: ietf
Learn more at: http://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Cullen Jennings


1
Certificate Directory for SIP
  • Cullen Jennings
  • fluffy_at_cisco.com

2
SIP Security SMIME
  • SIP Security depends on S/MIME with user
    certificates
  • Encryption of SDP (and keys for SRTP)
  • Refer
  • Identity
  • Request History
  • End to Middle? Middle to End?
  • This requires Certificates in the UAs

3
Certificates
  • Traditional PKI certs (like Verisign)
  • Problem Enrollment difficulty and yearly fee to
    CA
  • Private CA certs
  • Problem Only work if all callers have this CA as
    a trust anchor.
  • Self signed certs
  • Problem Need a directory to store certs and
    vouch for them

4
Certificate Directory
  • Way for UAC to locate the directory
  • use domain from AOR
  • Way for the UAC to authenticate the directory
  • use traditional PKI
  • Way to fetch certs
  • HTTPS, LDAPS, other
  • Way to store certs
  • HTTPS, LDAPS, Sacred
  • Way for directory to authenticate the UAS
  • reuse SIP credential (Digest shared secret)
  • Way for the UAC to authenticate the directory
  • use traditional PKI

Server
1
2
3
UAC
UAS
5
Proposal
  • Wrote a draft using the HTTPS options
  • draft-jennings-sipping-certs-01
  • 00 version done before last IETF
  • Several security people have looked at it
  • They believe it works and can be reasonably
    secure
  • Provides certificates with minimal cost
  • Introduces an extra TLS connection setup to calls
    with no cached certificate
  • Requires each domain to run an e-commerce style
    web server
  • Is only as trustable as the server is trustable
  • Does the WG want to solve this problem?
Write a Comment
User Comments (0)
About PowerShow.com