idnits 2.17.1 

draft-ietf-sip-authid-body-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 2 instances of lines with non-RFC2606-compliant FQDNs in the
     document.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 28, 2003) is 7606 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '2' is defined on line 400, but no explicit reference
     was found in the text

  == Outdated reference: A later version (-06) exists of
     draft-ietf-sipping-3pcc-02


     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	SIP WG                                                       J. Peterson
3	Internet-Draft                                                   NeuStar
4	Expires: December 27, 2003                                 June 28, 2003

6	              SIP Authenticated Identity Body (AIB) Format
7	                     draft-ietf-sip-authid-body-02

9	Status of this Memo

11	   This document is an Internet-Draft and is in full conformance with
12	   all provisions of Section 10 of RFC2026.

14	   Internet-Drafts are working documents of the Internet Engineering
15	   Task Force (IETF), its areas, and its working groups.  Note that
16	   other groups may also distribute working documents as Internet-
17	   Drafts.

19	   Internet-Drafts are draft documents valid for a maximum of six months
20	   and may be updated, replaced, or obsoleted by other documents at any
21	   time.  It is inappropriate to use Internet-Drafts as reference
22	   material or to cite them other than as "work in progress."

24	   The list of current Internet-Drafts can be accessed at http://
25	   www.ietf.org/ietf/1id-abstracts.txt.

27	   The list of Internet-Draft Shadow Directories can be accessed at
28	   http://www.ietf.org/shadow.html.

30	   This Internet-Draft will expire on December 27, 2003.

32	Copyright Notice

34	   Copyright (C) The Internet Society (2003).  All Rights Reserved.

36	Abstract

38	   RFC3261 introduces the concept of adding an S/MIME body to a SIP
39	   request or response in order to provide reference integrity over its
40	   headers.  This document provides a more specific mechanism to derive
41	   integrity and authentication properties from an 'authenticated
42	   identity body', a digitally-signed SIP message or message fragment.
43	   A standard format for such bodies (known as Authenticated Identity
44	   Bodies, or AIBs) is given in this document.  Some considerations for
45	   the processing of AIBs by recipients of SIP messages with such bodies
46	   are also given.

48	Table of Contents

50	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
51	   2.  AIB Format . . . . . . . . . . . . . . . . . . . . . . . . . .  4
52	   3.  Example of a Request with AIB  . . . . . . . . . . . . . . . .  5
53	   4.  AIBs for Identifying Third-Parties . . . . . . . . . . . . . .  6
54	   5.  Identity in non-INVITE Requests  . . . . . . . . . . . . . . .  7
55	   6.  Identity in Responses  . . . . . . . . . . . . . . . . . . . .  7
56	   7.  Receiving an AIB . . . . . . . . . . . . . . . . . . . . . . .  7
57	   8.  Encryption of Identity . . . . . . . . . . . . . . . . . . . .  8
58	   9.  Example of Encryption  . . . . . . . . . . . . . . . . . . . .  8
59	   10. Security Considerations  . . . . . . . . . . . . . . . . . . .  9
60	   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
61	       Author's Address . . . . . . . . . . . . . . . . . . . . . . . 10
62	       Normative References . . . . . . . . . . . . . . . . . . . . . 10
63	       Informative References . . . . . . . . . . . . . . . . . . . . 10
64	   A.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
65	       Full Copyright Statement . . . . . . . . . . . . . . . . . . . 12

67	1. Introduction

69	   Section 23.4 of RFC3261 [1] describes an integrity mechanism that
70	   relies on signing tunneled 'message/sip' MIME bodies within SIP
71	   requests.  The purpose of this mechanism is to replicate the headers
72	   of a SIP request within a body carried in that request in order to
73	   provide a digital signature over these headers.  The signature on
74	   this body also provides authentication.

76	   The core requirement that motivates this mechanism is the problem of
77	   providing a cryptographically verifiable identity within a SIP
78	   request.  The baseline SIP protocol allows a user agent to express
79	   the identity of its user in any of a number of headers.  The primary
80	   place for identity information asserted by the sender of a request is
81	   the From header.  The From header field contains a URI (like
82	   'sip:alice@atlanta.com') and an optional display-name (like "Alice")
83	   that identifies the originator of the request.  A user may have many
84	   identities that are used in different contexts.

86	   Typically, this URI is an address-of-record that can be dereferenced
87	   in order to contact the originator of the request; specifically, it
88	   is usually the same address-of-record under which a user registers
89	   their devices in order to receive incoming requests.  This address-
90	   of-record is assigned and maintained by the administrator of the SIP
91	   service in the domain identified by the host portion of the address-
92	   of-record.  However, the From field of a request can usually be set
93	   arbitrarily by the user of a SIP user agent; the From header of a
94	   message provides no internal assurance that the originating user can
95	   legitimately claim the given identity.  Nevertheless, many SIP user
96	   agents will obligingly display the contents of the From field as the
97	   identity of the originator of a received request (as a sort of caller
98	   identification function), much as email implementations display the
99	   From field as the sender's identity

101	   In order to provide the recipient of a SIP message with greater
102	   assurance of the identity of the sender, a cryptographic signature
103	   can be provided over the headers of the SIP request, which allows the
104	   signer to assert a verifiable identity.  Unfortunately, a signature
105	   over the From header alone is insufficient because it could be cut-
106	   and-pasted into a replay or forwarding attack, and more headers are
107	   therefore needed to correlated a signature with a request.  RFC3261
108	   therefore recommends copying all of the headers from the request into
109	   a signed MIME body; however, SIP messages can also be large, and many
110	   of the headers in a SIP message would not be relevant to determining
111	   the identity of the sender or assuring reference integrity with the
112	   request, and moreover some headers may change in transit.  It is
113	   therefore desirable to find a happy medium - to provide a way of
114	   signing just enough headers that the identity of the sender can be
115	   ascertained and correlated with the request.  'message/sipfrag' [3]
116	   provides a way for a subset of SIP headers to be included in a MIME
117	   body; the AIB format described in Section 2 is based on 'message/
118	   sipfrag'.

120	   For reasons of end-to-end privacy, it may also be desirable to
121	   encrypt AIBs; procedures for this encryption are given in Section 8.

123	2. AIB Format

125	   As a way of sharing authenticated identity among parties in the
126	   network, a special type of MIME body format, the Authenticated
127	   Identity Body (AIB) format, is defined in this section.  AIBs allow a
128	   party in a SIP transaction to cryptographically sign the headers that
129	   assert the identity of the originator of a message, and provide some
130	   other headers necessary for reference integrity.

132	   An AIB is a MIME body of type 'message/sip' or 'message/sipfrag' (see
133	   [3]).  This body MUST have a Content-Disposition disposition-type of
134	   'aib', a new value defined in this document specifically for
135	   authenticated identity bodies.  The Content-Disposition header SHOULD
136	   also contain a 'handling' parameter indicating that this MIME body is
137	   optional (i.e.  if this mechanism is not supported by the user agent
138	   server, it can still attempt to process the request).

140	   AIBs using the 'message/sipfrag' MIME type MUST contain the following
141	   headers when providing identity for an INVITE request: From, Date and
142	   Contact; they SHOULD also contain the To, Call-ID and CSeq header.
143	   AIBs MAY contain any other headers that help to uniquely identify the
144	   transaction or provide related reference integrity.  An example of
145	   the AIB format for an INVITE is:

147	   Content-Type: message/sipfrag
148	   Content-Disposition: aib; handling=optional

150	   From: Alice <sip:alice@atlanta.com>
151	   To: Bob <sip:bob@biloxi.com>
152	   Contact: <sip:alice@pc33.atlanta.com>
153	   Date: Thu, 21 Feb 2002 13:02:03 GMT
154	   Call-ID: a84b4c76e66710
155	   CSeq: 314159 INVITE

157	   Unsigned AIBs MUST NOT be honored by any recipients.  After the AIB
158	   has been signed, it SHOULD be added to any existing MIME bodies in
159	   the request (such as SDP), if necessary by transitioning the
160	   outermost MIME body to a 'multipart/mixed' format.

162	3. Example of a Request with AIB

164	   The following shows a full SIP INVITE request with an AIB:

166	   INVITE sip:bob@biloxi.com SIP/2.0
167	   Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
168	   To: Bob <sip:bob@biloxi.com>
169	   From: Alice <sip:alice@atlanta.com>;tag=1928301774
170	   Call-ID: a84b4c76e66710
171	   CSeq: 314159 INVITE
172	   Max-Forwards: 70
173	   Date: Thu, 21 Feb 2002 13:02:03 GMT
174	   Contact: <sip:alice@pc33.atlanta.com>
175	   Content-Type: multipart/mixed; boundary=unique-boundary-1

177	   --unique-boundary-1

179	   Content-Type: application/sdp
180	   Content-Length: 147

182	   v=0
183	   o=UserA 2890844526 2890844526 IN IP4 here.com
184	   s=Session SDP
185	   c=IN IP4 pc33.atlanta.com
186	   t=0 0
187	   m=audio 49172 RTP/AVP 0
188	   a=rtpmap:0 PCMU/8000

190	   --unique-boundary-1
191	   Content-Type: multipart/signed;
192	     protocol="application/pkcs7-signature";
193	     micalg=sha1; boundary=boundary42
194	   Content-Length: 608

196	   --boundary42
197	   Content-Type: message/sipfrag
198	   Content-Disposition: aib; handling=optional

200	   From: Alice <sip:alice@atlanta.com>
201	   To: Bob <sip:bob@biloxi.com>
202	   Contact: <sip:alice@pc33.atlanta.com>
203	   Date: Thu, 21 Feb 2002 13:02:03 GMT
204	   Call-ID: a84b4c76e66710
205	   CSeq: 314159 INVITE

207	   --boundary42
208	   Content-Type: application/pkcs7-signature; name=smime.p7s
209	   Content-Transfer-Encoding: base64
210	   Content-Disposition: attachment; filename=smime.p7s;
211	      handling=required

213	   ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
214	   4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
215	   n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
216	   7GhIGfHfYT64VQbnj756

218	   --boundary42--

220	   --unique-boundary-1--

222	4. AIBs for Identifying Third-Parties

224	   There are special-case uses of the INVITE method in which some SIP
225	   messages are exchanged before an INVITE is sent, and the identity of
226	   a party from the prior exchange needs to be carried in the subsequent
227	   INVITE.  Such information might be carried in one or more
228	   supplemental AIBs.  The presence of these supplemental AIBs does not
229	   preclude the use of a 'regular' AIB as specified in this document to
230	   protect messages in which they appear.

232	   The use of the REFER [4] method, for example, has a requirement for
233	   the recipient of an INVITE to ascertain the identity of the referrer
234	   who caused the INVITE to be sent.  In this instance, the From header
235	   of the INVITE would indicate the referee, whereas a separate header
236	   would indicate the referrer.

238	   Third-party call control (3PCC [5]) has an even more complicated
239	   identity problem.  A central controller INVITEs one party, gathers
240	   identity information (and session context) from that party, and then
241	   uses this information to INVITE another party.  Ideally, the
242	   controller would also have a way to share a cryptographic identity
243	   signature given by the first party INVITEd by the controller to the
244	   second party invited by the controller.

246	   In both of these cases, the Call-ID and CSeq of the original request
247	   (3PCC INVITE or REFER) will not correspond with that of the request
248	   in by the subsequent INVITE, nor would the To and From.  In both the
249	   REFER case and the 3PCC case, the Call-ID and CSeq cannot be used to
250	   determine reference integrity, and it is therefore much harder to
251	   correlate an AIB to a subsequent INVITE request.  Some other special
252	   headers MAY be used to provide reference integrity between the
253	   headers in an AIB with the headers of a 3PCC or REFER-generated
254	   INVITE, but this usage is outside of the scope of this document.

256	5. Identity in non-INVITE Requests

258	   The requirements for populating an AIB in requests within a dialog
259	   generally parallel those of the INVITE: From, Call-ID and Date are
260	   REQUIRED.

262	   Some non-INVITE requests, however, may have different identity
263	   requirements.  New methods should identify any special identity
264	   requirements in the Security Considerations of their specification.

266	6. Identity in Responses

268	   Many of the practices described in the preceding sections can be
269	   applied to responses as well as requests.  Note that a new set of
270	   headers must be generated to populate the AIB in a response.  The
271	   From header field of the AIB in the response to an INVITE SHOULD
272	   correspond to the address-of-record of the responder, NOT to the From
273	   header field received in the request.  The To header field of the
274	   request MUST NOT be included.  A new Date header field and Contact
275	   header field should be generated for the AIB in a response.  The
276	   Call-ID and CSeq should, however, be copied from the request.

278	   Generally, the To header field of the request will correspond to the
279	   address-of-record of the responder.  In some architectures where
280	   redirection is used, however, this need not be the case.  Some
281	   recipients of response AIBs may consider it a cause for security
282	   concern if the To header field of the request is not the same as the
283	   address-of-record in the From header field of the AIB in a response.

285	7. Receiving an AIB

287	   When a user agent receives a request containing an AIB, it should
288	   verify the signature, including validating the certificate of the
289	   signer, and compare the identity of the signer (the subjectAltName)
290	   with, in the INVITE case, the From header field of the request (for
291	   non-INVITE requests, other headers may be used).  The two should
292	   correspond exactly; if they do not, the user agent should report this
293	   condition to its user before proceeding.  User agents may distinguish
294	   between plausibly minor variations (the difference between
295	   'atlanta.com' and 'sip.atlanta.com') and major variations
296	   ('atlanta.com' vs.  'evil.tv') when reporting these discrepancies in
297	   order to give the user some idea of how to handle this situation.
298	   Similar comparison of the Call-ID header is necessary for INVITE
299	   requests.  The freshness of the Date header should also be evaluated,
300	   following the guidance in RFC3261.

302	   When the originating user agent of a request receives a response
303	   containing an AIB, it SHOULD compare the identity in the To header
304	   field of the AIB of the response with the original value of the To
305	   header field in the request.  If these represent different
306	   identities, the user agent SHOULD render the identity in the AIB of
307	   the response to its user.  Note that a discrepancy in these identity
308	   fields is not necessary an indication of a security breach; normal
309	   retargeting may simply have directed the request to a different final
310	   destination.

312	8. Encryption of Identity

314	   Many SIP entities that support the use of S/MIME for signatures also
315	   support S/MIME encryption, as described in RFC3261 Section 23.4.3.

317	   While encryption of AIBs entails that only the holder of a specific
318	   key can decrypt the body, that single key could be distributed
319	   throughout a network of hosts that exist under common policies.  The
320	   security of the AIB is therefore predicated on the secure
321	   distribution of the key.  However, for some networks (in which there
322	   are federations of trusted hosts under a common policy), the
323	   widespread distribution of a decryption key could be appropriate.
324	   Some telephone networks, for example, might require this model.

326	   When an AIB is encrypted, the AIB SHOULD always be encrypted before
327	   it is signed.  Note that this means that the recipients of the
328	   request, even if they are unable to inspect the AIBF, will still be
329	   able to see who signed that body (although it will not necessarily be
330	   obvious that the body contains an AIB).

332	9. Example of Encryption

334	   The following is an example of an encrypted and signed AIB (without
335	   any of the preceding SIP headers).  In a rendition of this body sent
336	   over the wire, the text wrapped in asterisks would be in ciphertext.

338	   Content-Type: multipart/signed;
339	     protocol="application/pkcs7-signature";
340	     micalg=sha1; boundary=boundary42
341	   Content-Length: 568

343	   --boundary42

345	   Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
346	     name=smime.p7m
347	   Content-Transfer-Encoding: base64
348	   Content-Disposition: attachment; filename=smime.p7m
349	     handling=required
350	   Content-Length: 231

352	   ***********************************************************
353	   * Content-Type: message/sipfrag                           *
354	   * Content-Disposition: aib; handling=optional             *
355	   *                                                         *
356	   * From: sip:alice@atlanta.com                             *
357	   * Call-ID: a84b4c76e66710                                 *
358	   * Date: Thu, 21 Feb 2002 13:02:03 GMT                     *
359	   ***********************************************************

361	   --boundary42

363	   Content-Type: application/pkcs7-signature; name=smime.p7s
364	   Content-Transfer-Encoding: base64
365	   Content-Disposition: attachment; filename=smime.p7s;
366	      handling=required

368	   ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
369	   4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
370	   n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
371	   7GhIGfHfYT64VQbnj756

373	   --boundary42--

375	10. Security Considerations

377	   This document recommends the inclusion of the Call-ID, CSeq and To
378	   headers in AIBs when 'message/sipfrag' is used to represent the
379	   identity of a request's sender.  If these headers are omitted, some
380	   important security properties of AIB are lost.  For example,
381	   recipients of AIBs might keep a dictionary of received Call-IDs for
382	   some duration of time (perhaps until two hours after the Date header
383	   in the AIB), and compare the Call-ID received in AIBs of new requests
384	   to those in the dictionary in order to detect replays of AIBs.

386	   Caching CSeqs can also assist in the detection of replays.

388	11. IANA Considerations

390	   This document defines a new MIME Content-Disposition disposition-type
391	   value of 'aib'.  This value is reserved for MIME bodies that contain
392	   an authenticated identity, as described in section Section 2.

394	Normative References

396	   [1]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
397	        Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP:
398	        Session Initiation Protocol", RFC 3261, May 2002.

400	   [2]  Bradner, S., "Key words for use in RFCs to indicate requirement
401	        levels", RFC 2119, March 1997.

403	   [3]  Sparks, R., "Internet Media Type message/sipfrag", RFC 3420,
404	        September 2002.

406	Informative References

408	   [4]  Sparks, R., "The SIP Refer Method", draft-ietf-sip-refer-07
409	        (work in progress), November 2002.

411	   [5]  Rosenberg, J., Peterson, J., Schulzrinne, H. and G. Camarillo,
412	        "Best Current Practices for Third-Party Call Control in the
413	        Session Initiation Protocol", draft-ietf-sipping-3pcc-02 (work
414	        in progress), June 2002.

416	Author's Address

418	   Jon Peterson
419	   NeuStar, Inc.
420	   1800 Sutter St
421	   Suite 570
422	   Concord, CA  94520
423	   US

425	   Phone: +1 925/363-8720
426	   EMail: jon.peterson@neustar.biz
427	   URI:   http://www.neustar.biz/

429	Appendix A. Acknowledgements

431	   The author would like to thank Robert Sparks, Jonathan Rosenberg, and
432	   Mary Watson for their comments.  Rohan Mahy also provided some
433	   valuable guidance.

435	Full Copyright Statement

437	   Copyright (C) The Internet Society (2003).  All Rights Reserved.

439	   This document and translations of it may be copied and furnished to
440	   others, and derivative works that comment on or otherwise explain it
441	   or assist in its implementation may be prepared, copied, published
442	   and distributed, in whole or in part, without restriction of any
443	   kind, provided that the above copyright notice and this paragraph are
444	   included on all such copies and derivative works.  However, this
445	   document itself may not be modified in any way, such as by removing
446	   the copyright notice or references to the Internet Society or other
447	   Internet organizations, except as needed for the purpose of
448	   developing Internet standards in which case the procedures for
449	   copyrights defined in the Internet Standards process must be
450	   followed, or as required to translate it into languages other than
451	   English.

453	   The limited permissions granted above are perpetual and will not be
454	   revoked by the Internet Society or its successors or assigns.

456	   This document and the information contained herein is provided on an
457	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
458	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
459	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
460	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
461	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

463	Acknowledgement

465	   Funding for the RFC Editor function is currently provided by the
466	   Internet Society.