Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
RFC 4474

Network Working Group                                        J. Peterson
Request for Comments: 4474                                       NeuStar
Category: Standards Track                                    C. Jennings
                                                           Cisco Systems
                                                             August 2006

       Enhancements for Authenticated Identity Management in the
                   Session Initiation Protocol (SIP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The existing security mechanisms in the Session Initiation Protocol
   (SIP) are inadequate for cryptographically assuring the identity of
   the end users that originate SIP requests, especially in an
   interdomain context.  This document defines a mechanism for securely
   identifying originators of SIP messages.  It does so by defining two
   new SIP header fields, Identity, for conveying a signature used for
   validating the identity, and Identity-Info, for conveying a reference
   to the certificate of the signer.

Peterson & Jennings         Standards Track                     [Page 1]
RFC 4474                      SIP Identity                   August 2006

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................3
   3. Background ......................................................3
   4. Overview of Operations ..........................................6
   5. Authentication Service Behavior .................................7
      5.1. Identity within a Dialog and Retargeting ..................10
   6. Verifier Behavior ..............................................11
   7. Considerations for User Agent ..................................12
   8. Considerations for Proxy Servers ...............................13
   9. Header Syntax ..................................................13
   10. Compliance Tests and Examples .................................16
      10.1. Identity-Info with a Singlepart MIME body ................17
      10.2. Identity for a Request with No MIME Body or Contact ......20
   11. Identity and the TEL URI Scheme ...............................22
   12. Privacy Considerations ........................................23
   13. Security Considerations .......................................24
      13.1. Handling of digest-string Elements .......................24
      13.2. Display-Names and Identity ...............................27
      13.3. Securing the Connection to the Authentication Service ....28
      13.4. Domain Names and Subordination ...........................29
      13.5. Authorization and Transitional Strategies ................30
   14. IANA Considerations ...........................................31
      14.1. Header Field Names .......................................31
      14.2. 428 'Use Identity Header' Response Code ..................32
      14.3. 436 'Bad Identity-Info' Response Code ....................32
      14.4. 437 'Unsupported Certificate' Response Code ..............32
      14.5. 438 'Invalid Identity Header' Response Code ..............33
      14.6. Identity-Info Parameters .................................33
      14.7. Identity-Info Algorithm Parameter Values .................33
   Appendix A. Acknowledgements ......................................34
   Appendix B. Bit-Exact Archive of Examples of Messages .............34
      B.1. Encoded Reference Files ...................................35
   Appendix C. Original Requirements .................................38
   References ........................................................39
      Normative References ...........................................39
      Informative References .........................................39


1.  Introduction

   This document provides enhancements to the existing mechanisms for
   authenticated identity management in the Session Initiation Protocol
   (SIP, RFC 3261 [1]).  An identity, for the purposes of this document,
   is defined as a SIP URI, commonly a canonical address-of-record (AoR)
   employed to reach a user (such as 'sip:alice@atlanta.example.com').
