Re: [Sip] Passing added call information in the SIP packet
Todd,
I think in view of participants P1 and P2 of a secure call, the security
could imply the following:
If P1 calls P2.
R1 - P2 can verify that it is P1 who is calling. (RFC4474 plus many other proposals)
R2 - P1 can verify that it has reached P1 (RFC4916 +++)
R3 - P1 and P2 can communicate data using SRTP (encrypted)
R31 - Keys are hidden from all but P1 and P2. (TLS/Mikey SDES exposes keys to proxies)
R32 - Keys and relevant security parameters can be exchanged between P1 and P2. (Mikey / SDES).
You want to know if R31 and R32 can be used/changed mid call, that is
the call starts with encryption and then a RE-INVITE is sent which would
change the session to encrypted. This is possible. For example, to do it
using SDES, your initial INVITE could be sent without any a=crypto line
and SAVP profile and then could send another RE-INVITE with a=crypto.
Also could do best effort security, which is to put the a=crypto line in
the SDP; however, encryption is used only if both the offer and answer
have an a=crypto line in them, otherwise send/receive unencrypted media.
Best effort security and other endpoint capability negotiation is being
developed further and there are a couple of drafts on it out there.
Thanks
Arun
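
The best-effort rule described in the message above, as an added example that is not part of the original e-mail: SRTP is used for a stream only when both the SDP offer and the answer carry a matching a=crypto line. The SDP bodies and key strings are constructed samples, and `require_srtp` is a hypothetical local policy flag for a UA that must not fall back to unencrypted media.

```python
import re

# SDES attribute (RFC 4568): a=crypto:<tag> <crypto-suite> <key-params>
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:\S+")

def media_sections(sdp):
    """Split an SDP body into one dict per m= line, with crypto suites keyed by tag."""
    sections = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            sections.append({"media": line[2:].split()[0], "crypto": {}})
        elif sections:
            found = CRYPTO_RE.match(line)
            if found:
                sections[-1]["crypto"][int(found.group(1))] = found.group(2)
    return sections

def negotiate(offer, answer, require_srtp=False):
    """Apply the best-effort rule per media stream and return (media, outcome) pairs."""
    results = []
    for off, ans in zip(media_sections(offer), media_sections(answer)):
        # The answerer picks one offered crypto line and echoes its tag and suite.
        agreed = [suite for tag, suite in ans["crypto"].items()
                  if off["crypto"].get(tag) == suite]
        if agreed:
            outcome = "srtp:" + agreed[0]
        elif require_srtp:      # hypothetical local policy: never fall back
            outcome = "rejected"
        else:
            outcome = "plaintext"
        results.append((off["media"], outcome))
    return results

def sample_sdp(profile, key=None):
    """Build a constructed one-stream SDP body; key is a made-up placeholder string."""
    body = "v=0\r\nm=audio 49170 %s 0\r\n" % profile
    if key:
        body += "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s\r\n" % key
    return body

if __name__ == "__main__":
    plain = sample_sdp("RTP/AVP")
    offer = sample_sdp("RTP/SAVP", "CONSTRUCTED-OFFER-KEY")
    answer = sample_sdp("RTP/SAVP", "CONSTRUCTED-ANSWER-KEY")
    print("initial INVITE:", negotiate(plain, plain))
    print("re-INVITE:     ", negotiate(offer, answer))
    print("no crypto back:", negotiate(offer, plain))
    print("strict policy: ", negotiate(offer, plain, require_srtp=True))
```
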
-----Original Message-----
From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of
todd.d.binns at l-3com.com
Sent: Monday, April 28, 2008 1:14 PM
To: sip at ietf.org
Subject: Re: [Sip] Passing added call information in the SIP packet
Hi,
Yes, it (security) does mean a lot to a lot of different people.
Thanks for all the responses. I am reading the different suggested RFCs
& drafts. My question was more on how can one UA inform another UA that
it wants to make changes to their session/dialog. In my case the
security will be different, but I want to have one UA initiate the
secure call (change to session/dialog), and the other UA to confirm. As
stated I can use the X- header since both clients will be custom. Is
there any other defined way that 2 UA should have this conversation, is
it only defined in the RFC3264? (An offer/answer model with the session
description protocol)
Thanks Again to everyone that made comments, Todd
-----Original Message-----
From: Dean Willis [mailto:dean.willis at softarmor.com]
Sent: Wednesday, 23 April, 2008 11:24 PM
To: Binns, Todd D @ HENSCHEL
Cc: sip at ietf.org
Subject: Re: [Sip] Passing added call information in the SIP packet
On Apr 23, 2008, at 12:29 PM, todd.d.binns at l-3com.com wrote:
> Hi,
> I have been a user of SIP for a while, but never got into the
> need to extend it. I have tried to do an extensive research to see
> if there are any draft or RFC that handles the requirements that I
> am requested to do. Here is the scenario that I am trying to fulfill.
>
> A UA (custom hardware/software) wants to place or change the call
> into a secure call. It notifies the other participant by an INVITE
> or NOTIFY and both UA agree on the change and the details of the
> security. There are several different methods of securing the call,
> and that would be included in the parameter passed between the UA.
> If this is not possible is there a way to embed the parameters into
> the header of the INVITE or NOTIFY so at least both UA know of the
> request?
>
What do you mean, "secured call"? This term means many different
things to even more different people.
You might look at:
http://www.ietf.org/internet-drafts/draft-ietf-sip-sips-08.txt
which has completed working group last call and I'm about to send to
the IESG, and at:
http://www.ietf.org/internet-drafts/draft-ietf-sip-media-security-requirements-04.txt
and
http://www.ietf.org/internet-drafts/draft-ietf-sip-dtls-srtp-framework-01.txt
which, if I recall aright, are currently in working group last call.
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip