Re: [sipcore] About draft-gurbani-sip-sipsec
Dean Willis <dean.willis@softarmor.com> Wed, 28 September 2011 00:34 UTC
Return-Path: <dean.willis@softarmor.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2803821F8C6F for <sipcore@ietfa.amsl.com>; Tue, 27 Sep 2011 17:34:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.634
X-Spam-Level:
X-Spam-Status: No, score=-102.634 tagged_above=-999 required=5 tests=[AWL=-0.405, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1, SARE_SXLIFE=1.07, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLR2jZj5ia0L for <sipcore@ietfa.amsl.com>; Tue, 27 Sep 2011 17:34:27 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 87A0E21F8CE7 for <sipcore@ietf.org>; Tue, 27 Sep 2011 17:34:27 -0700 (PDT)
Received: by gyd12 with SMTP id 12so7139283gyd.31 for <sipcore@ietf.org>; Tue, 27 Sep 2011 17:37:14 -0700 (PDT)
Received: by 10.151.101.2 with SMTP id d2mr7317148ybm.9.1317170234212; Tue, 27 Sep 2011 17:37:14 -0700 (PDT)
Received: from dwillis-mb1.local (cpe-66-25-15-110.tx.res.rr.com. [66.25.15.110]) by mx.google.com with ESMTPS id s8sm83530240ani.3.2011.09.27.17.37.12 (version=SSLv3 cipher=OTHER); Tue, 27 Sep 2011 17:37:13 -0700 (PDT)
Message-ID: <4E826C37.5070501@softarmor.com>
Date: Tue, 27 Sep 2011 19:37:11 -0500
From: Dean Willis <dean.willis@softarmor.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: Iñaki Baz Castillo <ibc@aliax.net>
References: <CALiegfnAawtQGLuojNwxVrQoWrXX3hKgDGjf8185b_T8QeTJPg@mail.gmail.com>
In-Reply-To: <CALiegfnAawtQGLuojNwxVrQoWrXX3hKgDGjf8185b_T8QeTJPg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: sipcore@ietf.org
Subject: Re: [sipcore] About draft-gurbani-sip-sipsec
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2011 00:34:28 -0000
On 9/16/11 9:39 AM, Iñaki Baz Castillo wrote: > Hi all, > > I would like to comment about draft-gurbani-sip-sipsec "The SIPSEC > Uniform Resource Identifier (URI)". > I like the idea proposed there. Even more taking into account that it > is based on the same mechanism for HTTP/CONNECT (widely deployed). > Thanks! > > Another "issue": The draft requires that the TLS negotiation is made > by both endpoints (let's say two phones), so the UAS MUST have a TLS > certificate, which is uncommon, am I right? I understand that comodohacker has made certs widely available. You wanna be gmail for a day? Seriously, yes, you're right. And this is a major "design feature", not unintended. It gives us real "end to end" authentication and privacy, subject to the strength of the certificate issuance process (see: comodohacker). As Vijay pointed out, you can issue your own certificates if you and your partner work out the trust relationships outside of the usual CA process. The certificate used can also be dynamically varied with the target identity. This works nicely in the enterprise space, for example. Let's say as a consultant working for many clients, each gives me a cert to use when talking with them. My UA can key off the remote domain identifier in order to know which cert to present during handshake. However, nothing about the protocol really demands mutual cert-auth. It should be possible to use HTTP-style cert-auth of the UAS and digest auth of the UAC. On the other hand, you're going to need a cert to answer the phone, so you might as well use it when making calls, too. > And the last comment: proxies in the path cannot inspect the SIP > traffic through the established connection so they know nothing about > what's happening in the call or transactions. Proxies cannot do > accounting or whatever other action as they are not SIP proxies now, > but just TCP proxies. How does that fit with current SIP deployments? That's another feature, not a bug. Current SIP deployments are mostly MITM attacks waiting to happen. Where this becomes incredibly important is P2PSIP (aka SIP/RELOAD). When some other bozo's box is acting as your proxy, do you really want it doing "accounting or whatever other action" on your SIP messages? Further, the processing load on the proxies is hugely decreased. Not only can they stop worrying about wiretapping every SIP message (as such would be pointless), they no longer require the overhead of having to decrypt each message before logging it and then re-encrypting it before resending it. This makes them hundreds of times more scalable. It's a win-win for everybody who matters. Of course, this also works well for criminal conspiracies that have a good IT department and can mint and share their own certs out-of-band. I'm OK with that. Note that the presence of a communication between the two endpoints is still revealed; it's just the text of the signaling between them that is protected by the protocol, so snoops could still get a "pen register", which in the US is typically a warrantless request anyhow. True anonymity is much harder; what is needed is a TOR-ified version of the protocol, and that still reveals two half-calls. -- Dean -- Dean -- Dean
- [sipcore] About draft-gurbani-sip-sipsec Iñaki Baz Castillo
- Re: [sipcore] About draft-gurbani-sip-sipsec Vijay K. Gurbani
- Re: [sipcore] About draft-gurbani-sip-sipsec Iñaki Baz Castillo
- Re: [sipcore] About draft-gurbani-sip-sipsec Dean Willis