idnits 2.17.1 draft-jennings-p2psip-security-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 252. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 263. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 270. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 276. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 24, 2007) is 6261 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC 3893' on line 177 == Unused Reference: '2' is defined on line 222, but no explicit reference was found in the text Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 P2PSIP C. Jennings 3 Internet-Draft Cisco Systems 4 Intended status: Standards Track February 24, 2007 5 Expires: August 28, 2007 7 Security Mechanisms for Peer to Peer SIP 8 draft-jennings-p2psip-security-00 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on August 28, 2007. 35 Copyright Notice 37 Copyright (C) The IETF Trust (2007). 39 Abstract 41 This document describes an overview of some security mechanisms for 42 P2P SIP. Specifically it discusses mechanisms that can be used to 43 secure the stored data and the routing in the distributed storage. 45 This draft is an very early draft to outline the possible solution 46 space and far more details would be needed. This work is being 47 discussed on the p2psip@ietf.org mailing list. 49 1. Introduction 51 The P2P SIP work stores users registrations and possibly other data 52 in a Distributed Hash table (DHT). This requires a solution to 53 securing this data as well as securing, as best possible, the routing 54 in the DHT. Each user of the system has a name, such as 55 alice@dht.example.net. These names are unique and meant to be chosen 56 and used by human much like an SIP Address of Record (AOR) or email 57 address. When the user enrolls in the DHT and creates the name, they 58 are also given an asymmetric key as an certificate that binds their 59 name to that key in a way that can be validated by any user enrolled 60 in this particular DHT. Note that since only users of this DHT need 61 to validate a certificate, this usage does not require a global PKI. 63 The overview of the proposed approach is that the certificate and key 64 can be used to sign any data stored in the DHT and any user 65 retrieving the stored data can check that the data was not tampered 66 with. In addition, when a peer goes to modify the routing data in 67 the DHT, they can provide the information of which users they 68 represent such that it is possible to know which user was associated 69 with a change and possibly limit the number of peers that a single 70 user can operates and position the peers in such a way to limit their 71 ability to attack the routing. In addition, over longer periods of 72 time, it may be possible to revoke that users credentials by allowing 73 their certificate to expire. 75 The rest of this document is arranged into an abstract model of how 76 the security work work that would apply to any protocol the working 77 group might develop for the DHT. After the abstract model, a 78 specific mapping of the model to SIP is described that would apply if 79 the working group used SIP for the DHT protocol. 81 2. Conventions 83 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 84 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 85 document are to be interpreted as described in RFC 2119 [1]. 87 3. Data Protection Architecture 89 There are possibly several things a client may want to store in the 90 DHT. The most obvious on is the registration information that 91 indicates the IP address or route to where a given name or AOR can be 92 found. There are other bits of information that could also be 93 stored. Each chunk of information is stored in what will be referred 94 to as a "record". The defined record types and what they stored 95 would be described in documents and registered with IANA. One of the 96 record types would be the "registration" record where clients stored 97 their registration information. Each user in the system would only 98 have one registration record. The index in the DHT would be formed 99 by taking using the concatenation of the AOR and the record type 100 name. 102 When a client wants to store some information in a record, they sent 103 a request that has: their AOR, the record type name, the time, the 104 data to store in the record, and MUST include a signature over all 105 that information. When a peer goes to store the information, it MUST 106 check that the signature is correct. It SHOULD also check that the 107 data looks appropriate for this type of record given by checking 108 things like the size of the data is in an appropriate range. When a 109 client retrieves data out of the DHT, it retrieves all the 110 information that was signed and SHOULD verify the signature on the 111 data. 113 Open Issue: how do we want to deal with checking time and also does 114 the data have a Time To Live (TTL). 116 Open Issue: do we pass the certificate with the signature or do we 117 provide some alternative scheme to get the certificates. I am 118 leaning towards pass the certificate along with the signature. A 119 problem with this is the message size. A possible problem with not 120 doing it is that the signature are used to verify the constructions 121 of the routing architecture and assuming that the routing 122 architecture is in place before a signature can be checked may lead 123 to problems. 125 4. Routing Protection Architecture 127 The goal of protecting the routing is stopping attacker from 128 performing a DOS attack on they system by misrouting requests in the 129 DHT. The data is already protected by the data protection scheme 130 above so an attacker can't tamper with the data in a way the user 131 can't detect but an attacker can make it look like no data is 132 available. There are a few obvious observation to make about this. 133 First, it is easy to ensure that attacker at least has to have an 134 valid enrollment with this particular DHT. Second, this is a DOS 135 attack and the value of successfully executing it is fairly low. 136 Third, if a larger percentage of the peers on the DHT are controlled 137 by the attacker, it is probably impossible to perfectly secure this. 139 When a peer sends a request that modifies the routing in the DHT, it 140 MUST sign the request on behalf of a user that is currently 141 responsible for the peer using that users certificate. A peer that 142 is changing the routing state based on this request to check the 143 signature before performing the request. 145 To reduce attacks on routing, the design tries to limit the ability 146 of an attacker to place peers at arbitrary locations in the DHT. 147 Some possible ways to do this are: 149 L1: Limiting IP addresses: Other systems have done this by forcing 150 the peer id to be a hash of a combination of the peers IP and 151 port however this approach does not work with IPv6 where the 152 users have an arbitrary number of IP addresses and the scheme is 153 also difficult to make work with IPv4 and NATs. 154 L2: Limiting by AOR: The first step to doing this is limiting the 155 number of AORs an attacker can enroll in the system. How to do 156 this is out of scope. The next step would be forcing a peer ID 157 to have the high order bits formed from an hash of the AOR and 158 some low order bits chosen randomly or hashed from the IP 159 address and port. Peers would check the Peer ID was appropriate 160 for the given users that signed the request. 161 L3: Limited by assignment at enrollment: When enrolling, the user 162 would be given a small set of peer IDs for their use. This is 163 effectively equivalent to Limited by AOR but has the addition 164 complexity of the certificates become more complex as a peer 165 would need to sign with the appropriate peer id as well as the 166 AOR. 168 Open Issue: how to do the limiting. At this point, the Limiting by 169 AOR type approach looks most appealing. 171 5. Mapping to SIP 173 There are several ways this could be mapped to SIP. 175 M1: The simplest way from a specification point of view would 176 probably be to put the information that needs to be signed in an 177 Authenticated Identity Body (AIB)[RFC 3893] in the body of the 178 SIP message and use S/MIME to sign it. It would also be 179 possible to, instead of using the AIB, form a new body format 180 for a particular record type and use S/MIME to sign it. 181 M2: An alternative proposal that does not use S/MIME would be to 182 create a new way of computing a signature over the relevant 183 data. 184 M3: The SIP Identity works provides certain sort of signatures but 185 they are domain based instead of user based so it would be 186 challenging to adapt them for use here. The problems revolves 187 around certificates that can be used to sign for a one user in 188 the DHT, would need to be limited such that the same certificate 189 could not be used to sign for a different user. Solutions to 190 this are likely to end up being more or less the same as the 191 proposal in the paragraph above this one. 193 All of these approaches would rely on the user enrollment providing 194 an X.509 certificate that contained the users name in the 195 SubjectAltName and signing the certificate with a root certificate 196 that was also provided to all clients and peers as part of the 197 enrollment. 199 Open Issue: Choose or design an envelope and signing scheme. 201 6. Security Considerations 203 TBD 205 7. IANA Considerations 207 This document does not require any actions from IANA. 209 8. Open Issues 211 Yes 213 9. Acknowledgments 215 Thanks to Eric Rescorla. 217 10. Normative References 219 [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement 220 Levels", BCP 14, RFC 2119, March 1997. 222 [2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., 223 Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: 224 Session Initiation Protocol", RFC 3261, June 2002. 226 Author's Address 228 Cullen Jennings 229 Cisco Systems 230 170 West Tasman Drive 231 MS: SJC-21/2 232 San Jose, CA 95134 233 USA 235 Phone: +1 408 902-3341 236 Email: fluffy@cisco.com 238 Full Copyright Statement 240 Copyright (C) The IETF Trust (2007). 242 This document is subject to the rights, licenses and restrictions 243 contained in BCP 78, and except as set forth therein, the authors 244 retain all their rights. 246 This document and the information contained herein are provided on an 247 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 248 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 249 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 250 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 251 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 252 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 254 Intellectual Property 256 The IETF takes no position regarding the validity or scope of any 257 Intellectual Property Rights or other rights that might be claimed to 258 pertain to the implementation or use of the technology described in 259 this document or the extent to which any license under such rights 260 might or might not be available; nor does it represent that it has 261 made any independent effort to identify any such rights. Information 262 on the procedures with respect to rights in RFC documents can be 263 found in BCP 78 and BCP 79. 265 Copies of IPR disclosures made to the IETF Secretariat and any 266 assurances of licenses to be made available, or the result of an 267 attempt made to obtain a general license or permission for the use of 268 such proprietary rights by implementers or users of this 269 specification can be obtained from the IETF on-line IPR repository at 270 http://www.ietf.org/ipr. 272 The IETF invites any interested party to bring to its attention any 273 copyrights, patents or patent applications, or other proprietary 274 rights that may cover technology that may be required to implement 275 this standard. Please address the information to the IETF at 276 ietf-ipr@ietf.org. 278 Acknowledgment 280 Funding for the RFC Editor function is provided by the IETF 281 Administrative Support Activity (IASA).