Kumiko Ono ono.kumiko@lab.ntt.co.jp - PowerPoint PPT Presentation
End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-04 draft-ono-sipping-end2middle-security-03. Kumiko Ono ono.kumiko@lab.ntt.co.jp. IETF61. Requirements. draft-ietf-sipping-e2m-sec-reqs-04. Changes since 03. Section 2.1: Examples of Scenarios
Presentation Transcript
End-to-middle Security in SIP

draft-ietf-sipping-e2m-sec-reqs-04

draft-ono-sipping-end2middle-security-03

Kumiko Ono

ono.kumiko@lab.ntt.co.jp

IETF61


Requirements

draft-ietf-sipping-e2m-sec-reqs-04

Changes since 03
  • Section 2.1: Examples of Scenarios
    • Removed the text that overlapped with the scope of session policies
    • Removed the text that described an illegal behavior of a proxy server
Changes since 03 (cont’d)
  • Section 4: Requirements for a Solution
    • Added notes to describe the requirements met by session policies
    • Added a note to describe the requirements met by an existing mechanism, digest authentication
    • Changed "SHOULD" to "MAY"

REQ-CONF-4: It MAY allow a UA to request that the recipient UA disclose information to the proxy server, which requesting UA is disclosing the information to. The request itself SHOULD be secure.

    • Added the conditions of the requirements.
  • References
    • Divided references to normative and informative.
In WG LC until Nov. 20
  • Feedback is appreciated.

Mechanism

draft-ono-sipping-end2middle-security-03

Open Issue#1: Labeling the target body for “middle”

Option A-1. A new SIP header

i.e.: "Proxy-Required-Body"

Option A-2. A new parameter in a SIP header

i.e.: "content-id" param in Route header

Option B-1. A new MIME header

i.e.: "Content-Target"

Option B-2. A new parameter in a MIME header

i.e.: "required-entity" param in "Content-Disposition"

My Proposal:

Option A-1. A new SIP header

Open Issue#2: Notification with a new error code

A proxy should have a way to notify a UA about the use of e2m security, in addition to UAC-driven methods such as the session policy package.

1) When a proxy server needs to view encrypted data sent by the UAC, it requires end-to-middle confidentiality.

  • An existing error code, "493 Undecipherable", and the target content type in the Warning header

2) When a proxy server needs to validate the data integrity of the message, it requires end-to-middle integrity.

  • 403?
  • A new error code, such as "495 Signature required" and target content type in Warning header
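The two open issues above can be seen together from the proxy's side. This is an added example, not code or syntax from the drafts: it shows a proxy finding the body labeled for it from a SIP header alone (Option A-1) and answering 493 when no body is labeled. The value syntax of "Proxy-Required-Body" (a Content-ID), the layout of the Warning header (warn-code 399, content type as text), and all host names and function names are assumptions.

```python
from email import message_from_string

# Constructed INVITE: one part encrypted for the recipient UA, one for the proxy.
# Assumption: Proxy-Required-Body carries the Content-ID of the proxy's part.
SAMPLE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Proxy-Required-Body: <part2@ua.example.org>",
    "Content-Type: multipart/mixed; boundary=b1",
    "",
    "--b1",
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data",
    "Content-ID: <part1@ua.example.org>",
    "",
    "(opaque: encrypted for the recipient UA)",
    "--b1",
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data",
    "Content-ID: <part2@ua.example.org>",
    "",
    "(opaque: encrypted for the proxy)",
    "--b1--",
    "",
])

def parse(raw):
    """Split off the SIP start line; headers and body parse as RFC 822 / MIME."""
    start_line, _, rest = raw.partition("\r\n")
    return start_line, message_from_string(rest)

def target_part(msg):
    """Return the body part named by Proxy-Required-Body, or None if unlabeled."""
    label = msg.get("Proxy-Required-Body")
    if label is None or not msg.is_multipart():
        return None
    for part in msg.walk():
        # The root message has no Content-ID, so only body parts can match.
        if part.get("Content-ID", "").strip() == label.strip():
            return part
    return None

def proxy_decision(raw, needs_view="application/sdp", host="proxy.example.net"):
    """Forward if a body is labeled for this proxy; otherwise reject with 493
    and name the content type the proxy needs in a Warning header."""
    _, msg = parse(raw)
    if target_part(msg) is not None:
        return "forward", None
    return "SIP/2.0 493 Undecipherable", f'Warning: 399 {host} "{needs_view}"'
```

With the label in a SIP header, the proxy decides from the header section whether it has to open the body at all; the MIME-header options (B-1, B-2) would require walking every body part first.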
Next Step
  • Can we adopt this as a WG item?