RE: [Sip] Requesting feedback on draft-dotson-sip-certificate-auth-01
"Fries, Steffen" <steffen.fries@siemens.com> Thu, 23 November 2006 15:54 UTC
Hi Steve,

Having certificates for user registration over multiple hops on a registrar seems an interesting approach. The possibility to have a local authentication service on the user agent would help here, but in most scenarios, the user agent itself will not possess the domain certificate according to RFC4474.

Two comments on the transport of credentials. You mentioned that SIP identity itself does not provide for certificate transport. We are currently working on an update of a draft targeting a BCP for credential transport in SIP using SIP identity (http://www.ietf.org/internet-drafts/draft-fries-sip-identity-usage-bcp-00.txt). Our draft also mentions the usage of SIP SAML to transport an assertion or a reference to an assertion, which may be interesting in your scenario as well. A SAML assertion could be provided by a local server, which in turn may be used to register the UA.

Ciao
Steffen

________________________________
From: Steve Dotson [mailto:S.Dotson@CableLabs.com]
Sent: Tuesday, November 21, 2006 6:35 PM
To: IETF SIP List
Subject: [Sip] Requesting feedback on draft-dotson-sip-certificate-auth-01

Some industries and organizations have invested in PKI, and thus have certificates available for authentication. We would like to leverage those credentials for SIP authentication. Using certificates instead of UICCs or other credentials is attractive for certain deployment models.

http://www.ietf.org/internet-drafts/draft-dotson-sip-certificate-auth-01.txt describes some requirements related to this issue, as well as a review of previous and related work. We have received good feedback offline from authors of related work which was incorporated into the latest draft.

Thanks,
Steve.