SIP Security Status

1
SIP Security Status

• Michael Thomas
• mat_at_cisco.com

2
Current Status

• 2543bis leaves HTTPisms, rest deprecated
• Many BOFs, many different points of view
• Many common themes though
• One combination framework and requirements draft,
  and several drafts positing both point and
  generalized authentication schemes
• Many drafts are becoming more and more aware that
  there is the need for better security than an
  unauthenticated assertion isnt adequate
• The workability of all of them rolling their own
  is nil
• Hercules should have it so easy

3
Proposal to Move Forward

• Separate out base level SIP outside attacks
  from inside attacks
• 2543bis provide a base mechanism for outside
  attacks
• IPsec, TLS, return routability
• Retain HTTPisms for compatibility
• Allow 2543bis to advance without requirement for
  answers to harder-to-counter inside attacks
• Moratorium on inside attack crypto work
• Separate Standards Track draft for SIP security
  which addresses inside attacks and more
• Separate Informational Track Requirements draft

4
Proposed Work

• Create Requirements/Threats Draft
• Can reuse some of my draft as starting point
• Come to consensus on 2543bis base requirements
• Create a framework which can accommodate current
  popular authentication mechanisms
• X.509/PKI, Kerberos, Pre-shared, Radius/AAA
• Focus on a simple initial authentication scheme
• Maybe pre-shared and/or NULL?
• Focus on two scenarios
• UA-Proxy authentication (normal onramp challenge)
• Proxy-Proxy identity assertion (referrals/caller-i
  d)
• Would be nice to align this with SRTP/SDP keying