- VoIP-Forum - https://www.voip-forum.com -

SIP and security: Clarifications and specifications needed

Posted By oej On October 15, 2011 @ 11:41 In IETF standards & drafts,Security,sip,tls | Comments Disabled

Lately, I’ve been going through a lot of SIP RFCs and drafts, trying to get an overview of the security suggested in all of these documents. The quality of this work, seen from a developer’s perspective, is quite poor. Sometimes it seems like authors think, “oh, we need to add that security stuff, so let’s add a few keywords like TLS and S/MIME here and there”. We need to get better at reviewing the drafts from a security perspective. Here are some thoughts on instructions to RFC authors:

  • S/MIME: If you refer to S/MIME, make it very clear which certificates are going to be used and how the certificate verification process should happen – which part of the SIP message should match which part of the certificate? And which certificate should be used to encrypt?
  • TLS: If you refer to TLS, you need to be very clear on why – is this to provide authentication, confidentiality or something else? Does the solution require mutual authentication or just server authentication? If authentication is part of your solution, make it very clear how you verify the certificate against the message, down to SIP header fields and X.509v3/PKIX fields.
  • SIPS: If you suggest usage of SIPS, make it very clear what this adds and what the message flow is supposed to look like. Is SIPS used in the Request-URI, the Contact or somewhere else? What is the effect? Make sure you really understand SIPS before this is added. Or even better, just avoid SIPS and let it fade away.
  • Certificate matching: If you refer to a certificate SubjAltName, make it very clear whether it’s a URI or a dnsName field that is required, and state the preferences if there are multiple SubjAltNames in addition to the certificate subject.
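
The kind of rule the certificate-matching item asks a specification to spell out, written as an added example that is not from the original post or from any RFC text. The precedence (sip: URI SubjAltNames first, dnsName only when no such URI exists, subject CN only when there is no SubjAltName at all), the exact case-insensitive comparison without wildcards, the function names and the constructed SAN lists are all assumptions of this example.

```python
def sip_domain_identities(sans, subject_cn=None):
    """Return the domain names a certificate may assert for a SIP domain.

    sans: (type, value) pairs already extracted from the SubjAltName
    extension, e.g. ("URI", "sip:example.com") or ("DNS", "example.com").
    """
    uri_ids, dns_ids = set(), set()
    for san_type, value in sans:
        if san_type == "URI":
            scheme, _, rest = value.partition(":")
            # Assumed policy: only sip: URIs count, and a URI with a user
            # part (sip:bob@example.com) names a user, not the domain.
            if scheme.lower() != "sip" or "@" in rest:
                continue
            # Drop URI parameters and port; IP literals are out of scope.
            host = rest.split(";", 1)[0].split(":", 1)[0]
            if host:
                uri_ids.add(host.lower())
        elif san_type == "DNS":
            dns_ids.add(value.lower().rstrip("."))
    if uri_ids:                      # 1. sip: URI identities win
        return uri_ids
    if dns_ids:                      # 2. dnsName only when no sip: URI exists
        return dns_ids
    if not sans and subject_cn:      # 3. CN only when there is no SAN at all
        return {subject_cn.lower()}
    return set()


def cert_matches_sip_domain(expected_domain, sans, subject_cn=None):
    """Exact, case-insensitive match; "*.example.com" is never expanded."""
    wanted = expected_domain.lower().rstrip(".")
    return wanted in sip_domain_identities(sans, subject_cn)


# Constructed SAN lists (not taken from real certificates).
CERT_PROXY = [("URI", "sip:example.com"), ("DNS", "proxy1.example.net")]
CERT_USER = [("URI", "sip:bob@example.com")]
CERT_DNS_ONLY = [("DNS", "Example.COM")]
CERT_WILDCARD = [("DNS", "*.example.com")]

if __name__ == "__main__":
    for name, sans in [("proxy", CERT_PROXY), ("user", CERT_USER),
                       ("dns-only", CERT_DNS_ONLY), ("wildcard", CERT_WILDCARD)]:
        print(name, sorted(sip_domain_identities(sans)),
              cert_matches_sip_domain("example.com", sans))
```

The `CERT_PROXY` case is the ambiguity the list item points at: with both a URI and a dnsName present, a peer reached as proxy1.example.net is accepted or rejected depending solely on which precedence the specification picked.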

The worst documents so far are the RFCs related to SIP subscriptions. They suggest using S/MIME for encryption, but do not explain how. Now, if I subscribe to the presence status of sip:bob@example.com, my SUBSCRIBE request will end up at the presence server for the domain example.com. Should the user agent somehow find the certificate for sip:example.com to encrypt the message? Should we use the certificate of sip:bob@example.com – which would require the presence server to have the private key belonging to Bob? The RFCs don’t help at all.

RFC 3857 states the following on the topic of eavesdropping on SUBSCRIBE/NOTIFY requests:

“To prevent that, watchers MAY use the sips URI scheme when subscribing to a watcherinfo resource.  Notifiers for watcherinfo MUST support TLS and sips as if they were a proxy (see Section 26.3.1 of RFC 3261 [2]).”

This means that a UA should be able to SUBSCRIBE over a TLS connection, and get NOTIFY over – what? Remember that this was written before SIP Outbound was standardized. For a developer this means that the subscriber is required to have a TLS certificate and accept incoming connections on the TLS port if the Contact in the SUBSCRIBE is a SIPS URI. The RFC should discuss this in more detail.

Nine years after RFC 3261 we have a larger toolbox, including GRUUs, SIP Outbound, SIP Domain certificates, DNSSEC and much more. It’s time we restart the work on a SIP security architecture and provide something that developers can implement and that users will clearly feel is a better and more trustworthy solution. The IETF mantra is “rough consensus and running code”. RFCs should make it easy to produce running code. The SIP RFCs fail to do this on the topic of SIP security.

/Olle

URL to article: https://www.voip-forum.com/ietf/2011-10/sip-security-mess/

URLs in this post:

[2] Section 26.3.1 of RFC 3261: http://tools.ietf.org/html/rfc3261#section-26.3.1

Copyright © 2008-2011 Edvina AB, Sollentuna Sweden. All rights reserved.