Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 - PowerPoint PPT Presentation

Loading...

PPT – Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 PowerPoint presentation | free to download - id: 1a1852-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00

Description:

Provide proxy's identity for confirming certain response codes ... response identity inside response message with the security mechanism for ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 10
Provided by: toms176
Learn more at: http://www.softarmor.com
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00


1
Response Identity in Session Initiation
Protocoldraft-cao-sip-response-identity-00
  • Feng Cao Cullen Jennings

2
Agenda
  • Introduction
  • Scope
  • Requirements
  • SIP Response Identity
  • Overview
  • Open Issues
  • Summary

3
Introduction Scope
  • Why response identity?
  • Cannot rely on the existing header fields, such
    as To, Reply-to and Contact, in all the
    scenarios
  • Need response identity as early as possible
  • Provide response identity in non-dialog session
  • Provide proxys identity for confirming certain
    response codes
  • Prevent response identity spoofing as early as
    possible
  • Scope of this response identity draft
  • Provide response identity inside response message
    with the security mechanism for verifying the
    integrity of response identity.

4
Introduction Requirement
  • The mechanism must be backward compatible
  • The identity must be clearly specified in the
    header by the responder (or its proxy)
  • The identities of both UAs and proxies must be
    covered
  • The integrity of SIP response must be partially
    covered along with the responders identity
  • The enforcement of providing response identity
    must be provided through the originators
    request.
  • Open question Anonymity of response identity?

5
Enforcement of Response Identity
  • UAC (or its proxy) should be able to ask for
    response identity
  • Required responder-id
  • Open question can any intermediate proxy ask for
    it?
  • Responder (UAS or proxy) should be able to
    decline to disclose the response identity
  • Warning 380 Response Identity Cannot be Revealed
  • Open question the exact behavior and the
    consequence?

6
DAS-based Approach
proxy-1_at_source.com
proxy-2_at_destination.com
alice_at_source.com
bob_at_destination.com
INVITE bob
180 Ringing
Responder claimerbob_at_destination.com
verify-methodDAS Responder-Info
https//www.destination.com/certs
algorsa-sha1 Identify akfjiqiowrgnavnvnnfa2o3fa
fanfkfjakfjalkf203urjafskjfaf
Jprqiyupirequqpiruskfka Note Domain-based
Authentication Service (DAS)
7
AIB-based Approach
proxy-1_at_source.com
proxy-2_at_destination.com
alice_at_source.com
bob_at_destination.com
INVITE bob
180 Ringing
Responder claimerbob_at_destination.com
verify-methodAIB Responder-Info
https//www.destination.com/certs algorsa-sha1
8
Open Questions
  • Is AIB needed?
  • Advantage Anonymity can be achieved
  • Disadvantage
  • Complexity and processing delay
  • end-to-middle security
  • the new response code?
  • 403 Failed Responder Identity
  • The behavior and consequence for dealing with the
    enforcement?
  • Warning 380 Response Identity Cannot be Revealed

9
Summary
  • Scope and requirement for response identity
  • Some solutions are provided
  • Open questions
  • Next Step?
About PowerShow.com