[secdir] [new-work] WG Review: SIP Best-practice Recommendations Against Network Dangers to privacY (sipbrandy)
The IESG <iesg@ietf.org> Fri, 17 June 2016 18:16 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/83rgMJEXcuR7VL8p9cdPbkyK2gs>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Quy_llKoFybkJW5KP6SuUg8bpMw>
A new IETF WG has been proposed in the Applications and Real-Time Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2016-06-27.

SIP Best-practice Recommendations Against Network Dangers to privacY (sipbrandy)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>

Assigned Area Director:
  Ben Campbell <ben@nostrum.com>

Applications and Real-Time Area Directors:
  Ben Campbell <ben@nostrum.com>
  Alissa Cooper <alissa@cooperw.in>
  Alexey Melnikov <aamelnikov@fastmail.fm>

Mailing list: TBD

Charter: https://datatracker.ietf.org/doc/charter-ietf-sipbrandy/

SIP with the SDP Offer/Answer model, along with RTP, is widely used in modern communications networks. But while Secure RTP (SRTP) is available to provide integrity and privacy protection for such communication, it is rarely used end-to-end. This is due to several factors, notably the pervasive use of signaling and media intermediaries in such networks and the difficulties involved in deploying strong identity mechanisms for SIP. These factors are complicated by the fact that there are several incompatible approaches to SRTP key exchange.

The current situation is unacceptable in the face of pervasive monitoring, which RFC 7258 describes as "an attack on privacy". In addition, the STIR working group is, at the time of this writing, revising RFC 4744 to make strong identity attestations for SIP easier to deploy. This gives the IETF an opportunity to define best practices that improve privacy protections for users of SIP-based communication, in ways that improve upon the status quo.

Objectives:

The SIPBRANDY working group will define best practices for establishing two-party, SIP-signaled SRTP sessions with end-to-end security associations, including a single, preferred SRTP key exchange mechanism. These practices are expected to be deployable across typical SIP networks without sharing SRTP keying material with intermediaries or third parties, and they should protect against man-in-the-middle attacks.

While confidentiality is the first priority of the working group, it may work on aligning these practices with WebRTC, for example by defining best practices for ensuring that recipients of media flows have indicated their desire to receive them, in order to prevent or mitigate the denial-of-service attack described in RFC 5245, section 18.5.1. Likewise, the WG may consider compatibility with aspects of PERC.

The working group will additionally coordinate with the MMUSIC working group to define opportunistic security [RFC 7435] for SIP-signaled media sessions, for situations where strong protections are not necessary or not feasible.

Non-Goals:

The working group is not expected to define practices for multi-party session topologies, especially those involving media distribution devices.

The working group is not expected to define new protocols or modify existing ones; rather, it will define practices for using existing protocols. If the working group discovers gaps that require the creation or modification of protocols, it will forward those gaps to the appropriate working groups.

Inputs and Collaboration:

The WG will consider draft-peterson-dispatch-rtpsec and draft-johnston-dispatch-osrtp as input to the work. The WG is expected to collaborate closely with SIPCORE, AVTCORE, STIR, MMUSIC, RTCWEB, PERC, and possibly DISPATCH.

Milestones:

  Aug 2016 - Draft Adoption - Best Practices for End-to-End SRTP
  Nov 2016 - Draft Adoption - Best Practices for Opportunistic SRTP
  Mar 2017 - Submit End-to-End SRTP draft to the IESG for consideration as BCP
  Mar 2017 - Inform MMUSIC or other appropriate WGs of any changes needed to support Opportunistic SRTP (not expected to be published as an RFC)
  Nov 2017 - Submit Opportunistic SRTP draft to the IESG for consideration as BCP