Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
RFC 4474
| Document | Type |
RFC - Proposed Standard
(August 2006; Errata)
Obsoleted by RFC 8224
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Replaces | draft-peterson-sip-identity | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4474 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Allison Mankin | ||
| Send notices to | <rohan@ekabal.com> | ||
Network Working Group J. Peterson
Request for Comments: 4474 NeuStar
Category: Standards Track C. Jennings
Cisco Systems
August 2006
Enhancements for Authenticated Identity Management in the
Session Initiation Protocol (SIP)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
The existing security mechanisms in the Session Initiation Protocol
(SIP) are inadequate for cryptographically assuring the identity of
the end users that originate SIP requests, especially in an
interdomain context. This document defines a mechanism for securely
identifying originators of SIP messages. It does so by defining two
new SIP header fields, Identity, for conveying a signature used for
validating the identity, and Identity-Info, for conveying a reference
to the certificate of the signer.
Peterson & Jennings Standards Track [Page 1]
RFC 4474 SIP Identity August 2006
Table of Contents
1. Introduction ....................................................3
2. Terminology .....................................................3
3. Background ......................................................3
4. Overview of Operations ..........................................6
5. Authentication Service Behavior .................................7
5.1. Identity within a Dialog and Retargeting ..................10
6. Verifier Behavior ..............................................11
7. Considerations for User Agent ..................................12
8. Considerations for Proxy Servers ...............................13
9. Header Syntax ..................................................13
10. Compliance Tests and Examples .................................16
10.1. Identity-Info with a Singlepart MIME body ................17
10.2. Identity for a Request with No MIME Body or Contact ......20
11. Identity and the TEL URI Scheme ...............................22
12. Privacy Considerations ........................................23
13. Security Considerations .......................................24
13.1. Handling of digest-string Elements .......................24
13.2. Display-Names and Identity ...............................27
13.3. Securing the Connection to the Authentication Service ....28
13.4. Domain Names and Subordination ...........................29
13.5. Authorization and Transitional Strategies ................30
14. IANA Considerations ...........................................31
14.1. Header Field Names .......................................31
14.2. 428 'Use Identity Header' Response Code ..................32
14.3. 436 'Bad Identity-Info' Response Code ....................32
14.4. 437 'Unsupported Certificate' Response Code ..............32
14.5. 438 'Invalid Identity Header' Response Code ..............33
14.6. Identity-Info Parameters .................................33
14.7. Identity-Info Algorithm Parameter Values .................33
Appendix A. Acknowledgements ......................................34
Appendix B. Bit-Exact Archive of Examples of Messages .............34
B.1. Encoded Reference Files ...................................35
Appendix C. Original Requirements .................................38
References ........................................................39
Normative References ...........................................39
Informative References .........................................39
Peterson & Jennings Standards Track [Page 2]
RFC 4474 SIP Identity August 2006
1. Introduction
This document provides enhancements to the existing mechanisms for
authenticated identity management in the Session Initiation Protocol
(SIP, RFC 3261 [1]). An identity, for the purposes of this document,
is defined as a SIP URI, commonly a canonical address-of-record (AoR)
employed to reach a user (such as 'sip:alice@atlanta.example.com').
RFC 3261 stipulates several places within a SIP request where a user
can express an identity for themselves, notably the user-populated
From header field. However, the recipient of a SIP request has no
Show full document text