IETF 71 SIP WG meeting - PowerPoint PPT Presentation

1 / 7
About This Presentation
Title:

IETF 71 SIP WG meeting

Description:

There is value in the RFC 4474 signature even for phone numbers it allows the verifier to: ... Is the straw man proposal for phone numbers the right way to go? ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 8
Provided by: johne52
Category:
Tags: ietf | sip | meeting | numbers | phone

less

Transcript and Presenter's Notes

Title: IETF 71 SIP WG meeting


1
IETF 71 SIP WG meeting
  • SIP Identity issuesJohn Elwell, Jonathan
    Rosenberg et alia

2
Summary of contributions
  • Phone number issues
  • draft-elwell-sip-e164-problem-statement-00
  • draft-schwartz-sip-e164-ownership-01
  • draft-rosenberg-sip-rfcc4474-concerns-00
  • draft-wing-sip-e164-rrc-01
  • draft-darilion-spe16-enum-00
  • SBC issues
  • draft-wing-sip-identity-media-02
  • draft-fischer-sip-e2e-sec-media-00

3
Summary of contributions (cont.)
  • Baiting attack
  • draft-kaplan-sip-baiting-attack-02
  • not an issue when dtls-srtp is used
  • not a problem introduced by RFC 4474 can be
    done anyway
  • not considered further today

4
Phone Identity Problem Cases
  • The Identity service cannot verify the
    correctness of the phone number. e.g., it came
    from the PSTN.
  • The Identity service can verify the correctness
    of the phone number, but there's no way for a
    relying party to know that the Identity service
    is authoritative for that number
  • The Identity service can actually verify the
    correctness of the phone number and the relying
    party can verify that the Identity service is
    authoritative for that number. e.g., by
    configuration.

5
Strawman Identity Solution
  • If a user is identified by a phone number, its
    domain can sign with an RFC 4474 signature if it
    believes that calls to that number will reach the
    user
  • There is value in the RFC 4474 signature even for
    phone numbers it allows the verifier to
  • Render the domain to the user, possibly as a
    company name separate from the number
  • Check whitelists/blacklists for trustworthiness
    of domain
  • Nothing in the RFC 4474 signature allows verifier
    to know that the domain owns the number
  • Nothing in the RFC 4474 signature says this is
    the true origin (could be an intermediate service
    provider)

6
Strawman Identity Solution
  • Calls from a PSTN gateway include P-A-ID
  • No way for the SIP provider to verify the caller
    ID
  • Could put gateway_at_domain in From and sign with
    RFC 4474
  • Users with both a user_at_domain and phone number
  • user_at_domain in From field
  • Domain includes RFC 4474 signature
  • Domain adds P-A-ID containing number
  • DTLS-SRTP clarifies quality of integrity
    protection in cases of phone numbers and improves
    existing solutions

7
Questions for SIP WG
  • Is the straw man proposal for phone numbers the
    right way to go?
  • Should we consider an informational or BCP
    document that discusses what can be inferred from
    received identity information?
  • Are there any useful steps for dealing with SDP
    modification by SBCs?
  • Is there an impact on the draft-ietf-sip-dtls-fram
    ework that we need to deal with in that document?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "IETF 71 SIP WG meeting" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!