
Verification procedure update to draft-ietf-stir-passport-divert

Verification procedure update to draft-ietf-stir-passport-divert. David Hancock (Comcast). draft-ietf-stir-passport-divert-04 verification procedure (1). Verification Service. Example-1: TN-a calls TN-b fwd TN-c fwd TN-d (To TN preserved). Request-URI TN-d. ppt: div

bennettr

Presentation Transcript


  1. Verification procedure update to draft-ietf-stir-passport-divert. David Hancock (Comcast)

  2. draft-ietf-stir-passport-divert-04 verification procedure (1)

     Verification Service Example-1: TN-a calls TN-b, fwd TN-c, fwd TN-d (To TN preserved)

     SHAKEN follows RFC 8224 verification procedures, which mandate that the “dest” TN must match the canonicalized value of the To TN.

     INVITE TN-d (Request-URI TN-d)
     PAID: TN-a; To: TN-b; Date: t
     Identity: div PASSporT { … "opt": div PASSporT { … "opt": shaken PASSporT { … } } }

     "div" PASSporT chain of authority:
     - ppt: div, orig: TN-a, dest: TN-d, iat: t+2, div: TN-c
     - ppt: div, orig: TN-a, dest: TN-c, iat: t+1, div: TN-b
     - ppt: shaken, orig: TN-a, dest: TN-b, iat: t

     To TN = shaken "dest" claim ✓ verification passed

  3. draft-ietf-stir-passport-divert-04 verification procedure (2)

     Verification Service Example-2: TN-a calls TN-b, fwd TN-c, fwd TN-d (To TN not preserved)

     Verification fails if To header updated en-route.

     INVITE TN-d (Request-URI TN-d)
     PAID: TN-a; To: TN-d; Date: t
     Identity: div PASSporT { … "opt": div PASSporT { … "opt": shaken PASSporT { … } } }

     "div" PASSporT chain of authority:
     - ppt: div, orig: TN-a, dest: TN-d, iat: t+2, div: TN-c
     - ppt: div, orig: TN-a, dest: TN-c, iat: t+1, div: TN-b
     - ppt: shaken, orig: TN-a, dest: TN-b, iat: t

     To TN ≠ shaken “dest” claim ✕ verification failed

  4. Updated verification procedure for draft-ietf-stir-passport-divert

     Verification Service Example: TN-a calls TN-b, fwd TN-c, fwd TN-d (To TN not preserved)

     Update: When a “div” PASSporT is present, the To header plays no role in verification. When no “div” PASSporT is present, RFC 8224 verification procedures still apply.

     INVITE TN-d (Request-URI TN-d)
     PAID: TN-a; To: TN-d; Date: t
     Identity: div PASSporT { … "opt": div PASSporT { … "opt": shaken PASSporT { … } } }

     "div" PASSporT chain of authority:
     - ppt: div, orig: TN-a, dest: TN-d, iat: t+2, div: TN-c
     - ppt: div, orig: TN-a, dest: TN-c, iat: t+1, div: TN-b
     - ppt: shaken, orig: TN-a, dest: TN-b, iat: t

     verification passed
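
The three slide examples as a claims-only check, added here as an illustration and not taken from the presentation or the draft: signature and certificate validation are not modelled. The function names, the digits-only canonicalization, the link rule ("div" equals the previous "dest") and the Request-URI comparison are assumptions read from the slide diagrams, and the phone numbers are constructed.

```python
# Added example: claims-only model of the slides' checks (signatures not modelled).

def canon(tn):
    """Simplified canonicalization (assumption): keep digits only."""
    return "".join(c for c in tn if c.isdigit())

def verify(chain, to_tn, ruri_tn, updated=True):
    """chain: original PASSporT first, outermost "div" PASSporT last.
    updated=False models draft -04, updated=True the proposed update."""
    if not chain or chain[0].get("ppt") == "div":
        return False, "no original PASSporT"
    original, diversions = chain[0], chain[1:]
    # RFC 8224 To check: always in -04; in the update only when no "div" is present.
    if (not updated or not diversions) and canon(original["dest"]) != canon(to_tn):
        return False, "To TN != original dest"
    prev = original
    for p in diversions:
        if p.get("ppt") != "div":
            return False, "non-div PASSporT in diversion chain"
        if canon(p["orig"]) != canon(original["orig"]):
            return False, "orig changed along chain"
        # Link rule read from the slide diagram: "div" names the previous "dest".
        if canon(p["div"]) != canon(prev["dest"]):
            return False, "broken chain of authority"
        prev = p
    # Assumption from the diagram: outermost "dest" equals the Request-URI TN.
    if diversions and canon(prev["dest"]) != canon(ruri_tn):
        return False, "outermost dest != Request-URI TN"
    return True, "verification passed"

# Constructed sample numbers standing in for TN-a .. TN-d.
A, B, C, D = "+1-215-555-0101", "+1-215-555-0102", "+1-215-555-0103", "+1-215-555-0104"
CHAIN = [
    {"ppt": "shaken", "orig": A, "dest": B, "iat": 0},
    {"ppt": "div", "orig": A, "dest": C, "iat": 1, "div": B},
    {"ppt": "div", "orig": A, "dest": D, "iat": 2, "div": C},
]

if __name__ == "__main__":
    print(verify(CHAIN, to_tn=B, ruri_tn=D, updated=False))  # Example-1
    print(verify(CHAIN, to_tn=D, ruri_tn=D, updated=False))  # Example-2
    print(verify(CHAIN, to_tn=D, ruri_tn=D, updated=True))   # updated procedure
```

Dropping the To check does not loosen the chain itself: a diversion whose "div" does not name the previous "dest" still fails under the updated procedure.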
