SIPCORE                                                     O. Johansson
Internet-Draft                                                 Edvina AB
Intended status: Standards Track                         October 6, 2014
Expires: April 9, 2015


  TLS sessions in SIP using DNS-based Authentication of Named Entities
                          (DANE) TLSA records
                  draft-johansson-sipcore-dane-sip-00

Abstract

   Use of TLS in the SIP protocol is defined in multiple documents,
   starting with RFC 3261.  The actual verification that happens when
   setting up a SIP TLS connection to a SIP server based on a SIP URI is
   described in detail in RFC 5922 - SIP Domain Certificates.

   In this document, an alternative method is defined, using DNS-Based
   Authentication of Named Entities (DANE).  By looking up TLSA DNS
   records and using DNSsec protection of the required queries,
   including lookups for NAPTR and SRV records, a SIP Client can verify
   the identity of the TLS SIP server in a different way, matching on
   the SRV host name in the X.509 PKIX certificate instead of the SIP
   domain.  This provides more scalability in hosting solutions and makes
   it easier to use standard CA certificates (if needed at all).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 9, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Johansson                 Expires April 9, 2015                 [Page 1]


Internet-Draft     SIP TLS connection setup using DANE      October 2014


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology and Conventions Used in This Document . . . . . .   3
   3.  Using DNS in the SIP protocol . . . . . . . . . . . . . . . .   4
   4.  Why DNSsec is important for SIP . . . . . . . . . . . . . . .   4
   5.  Secure delegation is required for DANE to apply . . . . . . .   4
   6.  TLSA record name  . . . . . . . . . . . . . . . . . . . . . .   5
   7.  Procedures for DANE-capable SIP implementations . . . . . . .   5
   8.  X.509 certificate validation . . . . . . . . . . . . . . . . .   5
   9.  Backward Compatibility with RFC 5922  . . . . . . . . . . . .   5
   10. Examples on certificate content . . . . . . . . . . . . . . .   6
     10.1.  Example 1: johansson.example.com . . . . . . . . . . . .   6
     10.2.  Example 2: lundholm.example.com  . . . . . . . . . . . .   6
   11. Security Considerations . . . . . . . . . . . . . . . . . . .   7
   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   13. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     14.1.  Normative References . . . . . . . . . . . . . . . . . .   7
     14.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Appendix A.  Implementation notes  . . . . . . . . . . . . . . . .   8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   RFC 3261 [RFC3261] defines how to use TLS in the SIP protocol, but
   doesn't describe the actual verification between a SIP request and a
   TLS server certificate in detail.  RFC 5922 [RFC5922] updates RFC
   3261 with a definition of how a SIP client matches a PKIX X.509
   [RFC5280] certificate provided by a TLS-enabled SIP server with the
   domain of a SIP request that caused the connection to be set up.
   Verification is done using the domain part of the SIP URI and the
   X.509 SubjectAltName extension of type dNSName or
   uniformResourceIdentifier.  This is called "domain verification" as
   opposed to "host verification" in RFC 5922.

   Including all domains hosted by a server in a server's certificate
   doesn't provide for a scalable and easily managed solution.  Every
   time a service adds a domain, a new certificate will need to be
   provided, unless TLS Server Name Indication (SNI) is used, where each
   domain can have its own certificate.  Having one certificate per
   domain and subdomain adds to the administration of a service.  In
   addition, no known commercial CA offers certificate services with SIP
   URIs in the certificates.

   Using DNSsec and DNS-based Authentication of Named Entities (DANE)
   [RFC6698], the chain from a SIP URI to a TLS certificate changes, as
   outlined in this document.  With DNSsec, the DNS lookups are
   authenticated and can be verified and trusted.  [I-D.ietf-dane-srv]
   describes a DANE-based chain of trust, matching the SRV host name
   with the contents of the certificate.

   This document describes how a SIP implementation can use DANE to set
   up a secure connection to a SIP server with TLS support.  In
   addition, we describe how a server can provide support for RFC
   5922-style clients with the same certificate, if needed.

   This document adds an alternative to RFC 5922 so that SIP
   implementations supporting DANE can validate a SIP domain identity
   using secure DNS queries and the identity of the SIP host by
   verifying the certificate using the SRV host name found in a
   SubjectAltName extension of type dNSName in the certificate.  The
   domain verification will now happen based on DNSsec and the TLS
   verification will be based on host names (host verification in RFC
   5922).

   In order to learn about DANE and the different ways a TLSA record can
   be constructed, readers of this document need to also read RFC 6698
   [RFC6698].

2.  Terminology and Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   RFC 3261 [RFC3261] defines additional terms used in this document
   that are specific to the SIP domain such as "proxy"; "registrar";
   "redirect server"; "user agent server" or "UAS"; "user agent client"
   or "UAC"; "back-to-back user agent" or "B2BUA"; "dialog";
   "transaction"; "server transaction".

   This document uses the term "SIP Server" that is defined to include
   the following SIP entities: user agent server (UAS), registrar,
   redirect server, a SIP proxy in the role of user agent server, and a
   B2BUA in the role of a user agent server.

   This document uses the term "SIP client" that is defined to include
   the following SIP entities: user agent client(UAC), a SIP proxy in
   the role of user agent client, and a B2BUA in the role of a user
   agent client.

3.  Using DNS in the SIP protocol

   RFC 3263 [RFC3263] describes how a SIP implementation uses DNS to
   find the next hop server.  The first step is to look up a DNS NAPTR
   record for the domain part of the URI.  NAPTR records are used by the
   target domain to indicate reachability using different transports.
   NAPTR may be used to indicate a preference for TLS/TCP connections.

   The result of the NAPTR lookup is a DNS name used to query for DNS
   SRV records.  The list of DNS SRV records indicates host names that
   are then queried for A or AAAA records with IP addresses.

   SIP SRV records for TLS/TCP use the prefix _sips._tcp, as in the DNS
   name _sips._tcp.example.com.

   A SIP implementation with no support for NAPTR may, based on
   configuration or URI scheme, choose to set up a TLS session to the
   target domain.

      In rare cases, no SRV lookup is done.  This means that the
      implementation lacks the capability to do load balancing and
      failover based on the information in the DNS.  This type of client
      is not considered in this document.

4.  Why DNSsec is important for SIP

   SIP relies on DNS lookups not only to find the next hop server, but
   also for server administrators to provide failover and to load
   balance clients.  The result of querying for one domain may point to
   SRV records or host names in another domain.  Without DNSsec, an
   attacker can forge DNS replies and issue bogus DNS records, directing
   traffic to a bad server.  This applies to calls as well as instant
   messaging, chat and presence.

5.  Secure delegation is required for DANE to apply

   It is important for implementors to understand the concept of
   "secure" DNSsec validation according to RFC 4033 [RFC4033].  For this
   specification to take effect, all DNS RRsets in the chain from SIP
   URI to IP address and TLSA record must be secure.  (This corresponds
   to the AD bit being set in the responses.)  Note that the AD bit only
   carries that meaning when it was set by a validating resolver the
   client trusts and the responses reach the client over a path an
   attacker cannot modify; otherwise the client has to validate the
   responses itself.

   If any RRset is not secure, this specification doesn't apply and the
   implementation should fall back to RFC 5922[RFC5922] behaviour.  If
   any of the responses are "bogus" according to DNSsec validation, the
   client MUST abort the connection.

6.  TLSA record name

   For the SIP protocol DANE usage, TLSA records are to be found in
   accordance with [I-D.ietf-dane-srv].  If the domain example.com's TLS
   SRV records point to sip01.example.com port 5042, then the
   corresponding TLSA record will be found using the name
   _5042._tcp.sip01.example.com.

7.  Procedures for DANE-capable SIP implementations

   DANE-capable SIP implementations follow the procedures above to find
   an SRV host name and look for a TLSA record.  If no TLSA record is
   found, the client should fall back to RFC 5922 behaviour.

   If a TLSA record is found, the client should never fall back to RFC
   5922 behaviour.  If TLSA-based validation fails, the client MUST
   abort the connection attempt.
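   The lookup chain of Sections 3 and 5 to 7 as one added example; it
   is not part of this draft nor of any SIP implementation.  The DNS
   answers are constructed in-process, each RRset carrying an assumed
   DNSsec validation state in place of what a validating resolver would
   report, and the domains legacy.example.org, notlsa.example.org and
   spoofed.example.org, the addresses and the TLSA digest values are all
   made up for the example.  For each domain it decides between DANE
   validation, RFC 5922 fallback and abort.

```python
"""RFC 3263 resolution for a DANE-capable SIP client, gated on the DNSsec
validation state of every answer (Sections 3, 5, 6 and 7).  Added example:
the DNS answers are constructed in-process so the logic runs offline."""
from dataclasses import dataclass, field

# Constructed answer store: (owner name, RR type) -> (state, rdata list),
# state being the RFC 4033 validation result "secure", "insecure" or "bogus".
# NAPTR rdata: (order, preference, flags, service, replacement)
# SRV rdata:   (priority, weight, port, target)
# TLSA rdata:  (usage, selector, matching type, association data)
DNS = {
    # Example 1 of Section 10: signed all the way from the domain to the TLSA.
    ("johansson.example.com", "NAPTR"): ("secure", [
        (10, 10, "s", "SIPS+D2T", "_sips._tcp.johansson.example.com"),
        (20, 10, "s", "SIP+D2U", "_sip._udp.johansson.example.com")]),
    ("_sips._tcp.johansson.example.com", "SRV"): ("secure", [
        (10, 60, 5061, "siphosting.example.net")]),
    ("siphosting.example.net", "A"): ("secure", ["192.0.2.10"]),
    ("_5061._tcp.siphosting.example.net", "TLSA"): ("secure", [
        (3, 1, 1, bytes.fromhex("8f" * 32))]),          # constructed digest
    # Example 2: no NAPTR, so the SRV is found under the _sips._tcp prefix.
    ("_sips._tcp.lundholm.example.com", "SRV"): ("secure", [
        (10, 60, 5061, "sipcrew.example.net")]),
    ("sipcrew.example.net", "A"): ("secure", ["192.0.2.20"]),
    ("_5061._tcp.sipcrew.example.net", "TLSA"): ("secure", [
        (3, 0, 1, bytes.fromhex("5c" * 32))]),          # constructed digest
    # Unsigned zone: the SRV answer is valid but not DNSsec-protected.
    ("_sips._tcp.legacy.example.org", "SRV"): ("insecure", [
        (10, 60, 5061, "sip.legacy.example.org")]),
    # Signed zone that publishes no TLSA record for its SRV host.
    ("_sips._tcp.notlsa.example.org", "SRV"): ("secure", [
        (10, 60, 5061, "sip.notlsa.example.org")]),
    # Forged answer that fails DNSsec validation.
    ("_sips._tcp.spoofed.example.org", "SRV"): ("bogus", [
        (10, 60, 5061, "attacker.example.org")]),
}

@dataclass
class Decision:
    mode: str               # "dane", "rfc5922" (fallback) or "abort"
    srv_host: str = ""
    port: int = 0
    tlsa: list = field(default_factory=list)
    reason: str = ""

class Bogus(Exception):
    """A response failed DNSsec validation: the client MUST abort (Section 5)."""

def lookup(name, rtype):
    """Names absent from the store count as secure, proven negative answers
    (NSEC/NSEC3 denial of existence from a signed zone)."""
    return DNS.get((name.lower().rstrip("."), rtype), ("secure", []))

def resolve_sip_tls(domain):
    """Follow NAPTR -> SRV -> A/AAAA -> TLSA and decide which validation
    mode the client may use for a TLS session to `domain`."""
    insecure = False

    def query(name, rtype):
        nonlocal insecure
        state, rdata = lookup(name, rtype)
        if state == "bogus":
            raise Bogus(f"{rtype} {name}")
        insecure = insecure or state == "insecure"
        return rdata

    try:
        # Step 1: NAPTR, preferring the SIPS+D2T service.  Without any
        # NAPTR, go straight to the _sips._tcp prefix (Appendix A).
        tls_naptr = sorted(r for r in query(domain, "NAPTR")
                           if r[3].upper() == "SIPS+D2T")
        srv_name = tls_naptr[0][4] if tls_naptr else f"_sips._tcp.{domain}"
        # Step 2: SRV.  Lowest priority wins; RFC 2782 weighted random
        # selection among equal priorities is omitted here.
        srvs = sorted(query(srv_name, "SRV"))
        if not srvs:
            return Decision("rfc5922", reason="no SRV record for TLS")
        _prio, _weight, port, host = srvs[0]
        # Step 3: address records.  The draft wants the whole chain from
        # the URI to the IP address secure, so their state counts too.
        query(host, "A")
        query(host, "AAAA")
        # Step 4: TLSA at _<port>._tcp.<SRV target> (Section 6).
        tlsa = query(f"_{port}._tcp.{host}", "TLSA")
    except Bogus as exc:
        return Decision("abort", reason=f"bogus DNSsec response for {exc}")
    if insecure:
        return Decision("rfc5922", host, port, reason="chain not fully secure")
    if not tlsa:
        return Decision("rfc5922", host, port, reason="no TLSA record")
    return Decision("dane", host, port, tlsa)
```

   Calling resolve_sip_tls("johansson.example.com") yields mode "dane"
   with the SRV host siphosting.example.net, port 5061 and the TLSA
   RRset to verify the certificate against; legacy.example.org falls
   back to RFC 5922 because its SRV RRset is insecure, and the bogus SRV
   answer for spoofed.example.org aborts before any address or TLSA
   lookup is made.  A bogus answer is handled by raising, so that it
   can never be turned into a fallback further down the chain.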

8.  X.509 certificate validation

   When using DANE-based validation the client validates the SRV host
   name against the certificate using the RFC 5922 matching rules,
   applied to the SRV host name instead of the SIP domain.  A
   DANE-capable SIP implementation looks for the SRV host name in the
   list of SubjectAltName entries of type dNSName.  Only if there is no
   SubjectAltName extension at all may the client look in the CN of the
   X.509 certificate (according to RFC 5922).

   If the SRV host name is not found in the certificate, DANE validation
   fails and the client MUST abort the connection.

   Using the SRV host name for validation of a SIP domain identity is an
   update to RFC 5922.

9.  Backward Compatibility with RFC 5922

   RFC 5922 [RFC5922] implementations with no DANE support will be able
   to connect with the matching described in that document.  SIP servers
   can use certificates that are compatible with both this specification
   and RFC 5922.

   [I-D.ietf-dane-srv] requires use of the TLS Server Name Indication
   (SNI) extension [RFC6066].  This is not a requirement in this
   document, since SIP certificates can support both RFC 5922 style
   validation and DANE-based validation with the same certificate.

10.  Examples on certificate content

   This section gives examples of certificate content and how they match
   a given URI.  The X.509 PKIX Subject field CN value is abbreviated as
   "CN", the SubjectAltName extension dNSName and
   uniformResourceIdentifier are abbreviated as "SAN-DNS" and "SAN-URI".
   The certificates are tested with three different clients: a
   DANE-aware client, an RFC 5922 client with no DANE support and a
   client that matches the SIP domain with the Common Name in the
   Subject of the certificate.  The last behaviour is not covered by any
   SIP-related RFC and should be avoided.

10.1.  Example 1: johansson.example.com

   o  Domain: johansson.example.com

   o  DNS SRV host for TLS: siphosting.example.net

   Certificate content:

   o  CN: siphosting.example.net

   o  SAN-URI: -

   o  SAN-DNS: -

   o  Matching for DANE-aware SIP clients: Yes

   o  Matching for only RFC 5922 SIP clients: No

   o  Matching on CN only: No

10.2.  Example 2: lundholm.example.com

   o  Domain: lundholm.example.com

   o  DNS SRV host for TLS: sipcrew.example.net

   Certificate content:

   o  CN: randomname.example.net

   o  SAN-URI: sip:lundholm.example.com

   o  SAN-DNS: sipcrew.example.net, lundholm.example.com

   o  Matching for DANE-aware SIP clients: Yes (the SRV host name
      sipcrew.example.net is present as a SAN-DNS entry)

   o  Matching for only RFC 5922 SIP clients: Yes (the SIP domain is
      present as SAN-URI and SAN-DNS)

   o  Matching on CN only: No

   Note: More examples are to be added here.
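   The matching rules of Section 8 applied to the three client types
   compared in this section, together with the TLSA certificate
   association check of RFC 6698, as an added example that is not part
   of this draft.  A certificate is modelled as the fields the rules
   consult (CN, SAN-DNS, SAN-URI) plus constructed stand-in DER bytes
   where a real client would use the peer certificate; the TLSA records
   and their digests are derived from those bytes.  Example 2 is shown
   as a certificate usable by both client types, with the SRV host name
   sipcrew.example.net present as a SAN-DNS entry.

```python
"""Certificate checks for the three client types of Section 10, plus the
TLSA certificate association check of RFC 6698 (Section 8).  Added
example: certificates are modelled as the name fields the rules consult
and constructed DER bytes; a real client reads them from the TLS peer."""
import hashlib
from dataclasses import dataclass, field

@dataclass
class Cert:
    cn: str
    san_dns: list = field(default_factory=list)
    san_uri: list = field(default_factory=list)
    der: bytes = b""        # constructed stand-in for the DER encoding

def _name_eq(presented, expected):
    """Case-insensitive DNS name comparison.  RFC 5922 does not permit
    wildcard matching, so a wildcard name never matches anything."""
    p, e = presented.rstrip(".").lower(), expected.rstrip(".").lower()
    return "*" not in p and p == e

def dane_host_match(cert, srv_host):
    """Section 8: the SRV host name must be a SAN dNSName; the CN is
    consulted only when the certificate carries no SAN extension."""
    if cert.san_dns or cert.san_uri:
        return any(_name_eq(n, srv_host) for n in cert.san_dns)
    return _name_eq(cert.cn, srv_host)

def rfc5922_domain_match(cert, sip_domain):
    """RFC 5922 domain verification: SAN URI sip:<domain> or SAN dNSName
    <domain>; the CN is used only when there is no SAN extension."""
    if cert.san_dns or cert.san_uri:
        uri_hosts = [u[4:] for u in cert.san_uri if u.lower().startswith("sip:")]
        return any(_name_eq(n, sip_domain) for n in cert.san_dns + uri_hosts)
    return _name_eq(cert.cn, sip_domain)

def cn_only_match(cert, sip_domain):
    """Legacy behaviour covered by no SIP RFC: SIP domain against the CN."""
    return _name_eq(cert.cn, sip_domain)

def tlsa_cert_match(tlsa, cert_der, pkix_valid=False):
    """RFC 6698 certificate association for one TLSA record.  Only selector
    0 (full certificate) is handled; selector 1 would need the
    SubjectPublicKeyInfo cut out of the DER, which is left out here."""
    usage, selector, mtype, data = tlsa
    if selector != 0:
        raise NotImplementedError("selector 1 requires DER parsing")
    if mtype == 0:
        presented = cert_der
    elif mtype == 1:
        presented = hashlib.sha256(cert_der).digest()
    elif mtype == 2:
        presented = hashlib.sha512(cert_der).digest()
    else:
        return False                   # unknown matching type: no match
    if presented != data:
        return False
    if usage == 3:                     # DANE-EE: the record is the trust anchor
        return True
    if usage == 1:                     # PKIX-EE: PKIX validation is also required
        return pkix_valid
    raise NotImplementedError("usages 0 and 2 constrain the chain, not the end entity")

def dane_validate(cert, srv_host, tlsa_rrset, pkix_valid=False):
    """Sections 7 and 8: the SRV host name must be in the certificate and at
    least one TLSA record must match; any failure means abort, not fallback."""
    return dane_host_match(cert, srv_host) and any(
        tlsa_cert_match(t, cert.der, pkix_valid) for t in tlsa_rrset)

def classify(cert, sip_domain, srv_host):
    """Which of the three client types of Section 10 accept this certificate."""
    return {"dane": dane_host_match(cert, srv_host),
            "rfc5922": rfc5922_domain_match(cert, sip_domain),
            "cn_only": cn_only_match(cert, sip_domain)}

# Section 10 examples with constructed DER bytes and TLSA records.
EX1_CERT = Cert(cn="siphosting.example.net", der=b"constructed DER, example 1")
EX1_TLSA = [(3, 0, 1, hashlib.sha256(EX1_CERT.der).digest())]
# Example 2 as a certificate usable by both client types: the SRV host name
# and the SIP domain are both present as SAN dNSName entries.
EX2_CERT = Cert(cn="randomname.example.net",
                san_dns=["sipcrew.example.net", "lundholm.example.com"],
                san_uri=["sip:lundholm.example.com"],
                der=b"constructed DER, example 2")
EX2_TLSA = [(3, 0, 0, EX2_CERT.der)]      # matching type 0: full certificate

if __name__ == "__main__":
    print(classify(EX1_CERT, "johansson.example.com", "siphosting.example.net"))
    print(classify(EX2_CERT, "lundholm.example.com", "sipcrew.example.net"))
    print(dane_validate(EX2_CERT, "sipcrew.example.net", EX2_TLSA))
```

   classify() reproduces the Yes/No rows of Examples 1 and 2, and
   dane_validate() shows why a DANE-aware client must not treat the SIP
   domain as the name to match: the Example 1 certificate validates for
   the SRV host siphosting.example.net but not for
   johansson.example.com.  Trust anchor usages 0 and 2 are left out
   because they constrain the chain presented by the server rather than
   the end-entity certificate alone.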

11.  Security Considerations

   This document uses already published solutions for providing
   credentials for setting up a secure connection to a SIP server.  By
   depending on secure lookups of DNS NAPTR and SRV records as well as
   using TLSA records to verify a SIP server's TLS certificate, it
   describes a secure method for making sure that a SIP request for a
   domain is sent to an authoritative server.

   In addition to this document, many security considerations are
   covered in [I-D.ietf-dane-srv].

12.  IANA Considerations

   This document does not require actions by IANA.

13.  Acknowledgements

   The author wishes to acknowledge Jakob Schlyter for inspiration and
   .SE for promoting DNSsec and DANE.

14.  References

14.1.  Normative References

   [I-D.ietf-dane-srv]
              Finch, T., Miller, M., and P. Saint-Andre, "Using DNS-
              Based Authentication of Named Entities (DANE) TLSA Records
              with SRV Records", draft-ietf-dane-srv-07 (work in
              progress), July 2014.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [RFC3263]  Rosenberg, J. and H. Schulzrinne, "Session Initiation
              Protocol (SIP): Locating SIP Servers", RFC 3263, June
              2002.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements", RFC
              4033, March 2005.

   [RFC4346]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.1", RFC 4346, April 2006.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [RFC5922]  Gurbani, V., Lawrence, S., and A. Jeffrey, "Domain
              Certificates in the Session Initiation Protocol (SIP)",
              RFC 5922, June 2010.

   [RFC6066]  Eastlake, D., "Transport Layer Security (TLS) Extensions:
              Extension Definitions", RFC 6066, January 2011.

   [RFC6698]  Hoffman, P. and J. Schlyter, "The DNS-Based Authentication
              of Named Entities (DANE) Transport Layer Security (TLS)
              Protocol: TLSA", RFC 6698, August 2012.

14.2.  Informative References

   [I-D.ogud-dane-vocabulary]
              Gudmundsson, O., "Harmonizing how applications specify
              DANE-like usage", draft-ogud-dane-vocabulary-02 (work in
              progress), February 2014.

   [RFC5589]  Sparks, R., Johnston, A., and D. Petrie, "Session
              Initiation Protocol (SIP) Call Control - Transfer", BCP
              149, RFC 5589, June 2009.

Appendix A.  Implementation notes

   Developers of SIP implementations are strongly encouraged to
   implement RFC 5922 and this document for secure verification of a SIP
   domain with a TLS server.  This document also encourages
   implementation of TLS SNI both in client and server implementations.
   In order to get support for this function, update to new versions of
   the TLS libraries and make sure that the implementation supports new
   versions of TLS - TLS 1.1 [RFC4346] and TLS 1.2 [RFC5246].

   Implementations that do support TLS are encouraged to always start
   by attempting TLS, even if the URI is a sip: URI.  If there are
   NAPTR records for the domain and the domain indicates support of TLS,
   use it.  If there are no NAPTR records, start the SRV lookup with the
   _sips._tcp prefix.  This way, the SIP network will gradually shift to
   always using secure and authenticated TLS sessions.

Author's Address

   Olle E. Johansson
   Edvina AB
   Runbovaegen 10
   Sollentuna  SE-192 48
   SE

   Email: oej@edvina.net