Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
RFC 4474
Field | Value
---|---
Document type | RFC - Proposed Standard (August 2006; has errata)
Obsoleted by | RFC 8224
Last updated | 2015-10-14
Replaces | draft-peterson-sip-identity
Stream | IETF
IESG state | RFC 4474 (Proposed Standard)
Responsible AD | Allison Mankin
Network Working Group                                        J. Peterson
Request for Comments: 4474                                       NeuStar
Category: Standards Track                                    C. Jennings
                                                           Cisco Systems
                                                             August 2006

Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state and
   status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The existing security mechanisms in the Session Initiation Protocol
   (SIP) are inadequate for cryptographically assuring the identity of the
   end users that originate SIP requests, especially in an interdomain
   context. This document defines a mechanism for securely identifying
   originators of SIP messages. It does so by defining two new SIP header
   fields, Identity, for conveying a signature used for validating the
   identity, and Identity-Info, for conveying a reference to the
   certificate of the signer.

Peterson & Jennings          Standards Track                    [Page 1]
RFC 4474                       SIP Identity                  August 2006

Table of Contents

   1. Introduction
   2. Terminology
   3. Background
   4. Overview of Operations
   5. Authentication Service Behavior
      5.1. Identity within a Dialog and Retargeting
   6. Verifier Behavior
   7. Considerations for User Agent
   8. Considerations for Proxy Servers
   9. Header Syntax
   10. Compliance Tests and Examples
      10.1. Identity-Info with a Singlepart MIME body
      10.2. Identity for a Request with No MIME Body or Contact
   11. Identity and the TEL URI Scheme
   12. Privacy Considerations
   13. Security Considerations
      13.1. Handling of digest-string Elements
      13.2. Display-Names and Identity
      13.3. Securing the Connection to the Authentication Service
      13.4. Domain Names and Subordination
      13.5. Authorization and Transitional Strategies
   14. IANA Considerations
      14.1. Header Field Names
      14.2. 428 'Use Identity Header' Response Code
      14.3. 436 'Bad Identity-Info' Response Code
      14.4. 437 'Unsupported Certificate' Response Code
      14.5. 438 'Invalid Identity Header' Response Code
      14.6. Identity-Info Parameters
      14.7. Identity-Info Algorithm Parameter Values
   Appendix A. Acknowledgements
   Appendix B. Bit-Exact Archive of Examples of Messages
      B.1. Encoded Reference Files
   Appendix C. Original Requirements
   References
      Normative References
      Informative References

1. Introduction

   This document provides enhancements to the existing mechanisms for
   authenticated identity management in the Session Initiation Protocol
   (SIP, RFC 3261 [1]). An identity, for the purposes of this document, is
   defined as a SIP URI, commonly a canonical address-of-record (AoR)
   employed to reach a user (such as 'sip:alice@atlanta.example.com').
   RFC 3261 stipulates several places within a SIP request where a user
   can express an identity for themselves, notably the user-populated
   From header field. However, the recipient of a SIP request has no
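   The following is an added worked example of the mechanism the Abstract
   describes, written for this page; it is not code from the RFC or from
   any SIP implementation. An authentication service for the From domain
   signs a digest-string built from the request and places the base64
   signature in the Identity header; the verifier rebuilds the digest-string
   from the request as received and checks it against the public key of
   the certificate referenced by Identity-Info. The field order of the
   digest-string (From | To | Call-ID | CSeq | Date | Contact | body) is the
   one Section 9 of the RFC prescribes, which is not reproduced on this
   page. Assumptions made here: the signer's RSA key is generated in
   process instead of being taken from the certificate at the Identity-Info
   URL, the request values are constructed sample input, and the domain
   check is a simple exact match rather than the RFC's full subordination
   rules in Section 13.4.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// sipRequest holds the parts of a SIP request the Identity signature covers.
// Values are assumed already canonicalized to addr-spec form (no display-name,
// no header parameters such as ;tag=).
type sipRequest struct {
	From, To, CallID, CSeq, Date, Contact, Body string
}

// sampleRequest is constructed sample input, not a captured message.
func sampleRequest() sipRequest {
	return sipRequest{
		From:    "sip:alice@atlanta.example.com",
		To:      "sip:bob@biloxi.example.org",
		CallID:  "a84b4c76e66710",
		CSeq:    "314159 INVITE",
		Date:    "Thu, 21 Feb 2002 13:02:03 GMT",
		Contact: "sip:alice@pc33.atlanta.example.com",
		Body:    "v=0\r\ns=Session SDP\r\n",
	}
}

// digestString joins the covered fields with "|" in the RFC 4474 Section 9
// order: From | To | Call-ID | CSeq | Date | Contact | message-body.
func digestString(r sipRequest) string {
	return strings.Join([]string{r.From, r.To, r.CallID, r.CSeq, r.Date, r.Contact, r.Body}, "|")
}

// newSignerKey stands in for the key behind the certificate published at the
// Identity-Info URL (assumption: generated in process for this example).
func newSignerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// signIdentity is the authentication-service side: the Identity header value is
// the base64 of an RSA PKCS#1 v1.5 signature over SHA-1 of the digest-string
// (alg=rsa-sha1).
func signIdentity(key *rsa.PrivateKey, r sipRequest) (string, error) {
	h := sha1.Sum([]byte(digestString(r)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, h[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// verifyIdentity is the verifier side. The digest-string is rebuilt from the
// request as received, so a rewritten From or a swapped body breaks the
// signature. Failures correspond to the RFC's 438 'Invalid Identity Header'.
func verifyIdentity(pub *rsa.PublicKey, r sipRequest, identity string) error {
	sig, err := base64.StdEncoding.DecodeString(identity)
	if err != nil {
		return errors.New("438 Invalid Identity Header: value is not base64")
	}
	h := sha1.Sum([]byte(digestString(r)))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], sig) != nil {
		return errors.New("438 Invalid Identity Header: signature does not match")
	}
	return nil
}

// domainOf returns the lower-cased host of a sip:/sips: URI (user@host:port;params).
// IPv6 literals in brackets are not handled.
func domainOf(uri string) string {
	u := strings.ToLower(strings.TrimSpace(uri))
	u = strings.TrimPrefix(u, "sips:")
	u = strings.TrimPrefix(u, "sip:")
	if i := strings.Index(u, "@"); i >= 0 {
		u = u[i+1:]
	}
	u = strings.SplitN(u, ";", 2)[0] // drop uri-parameters
	return strings.SplitN(u, ":", 2)[0] // drop port
}

// signerAuthorizedFor is an exact-match policy (assumption, not the RFC's full
// subordination rules): a valid signature only vouches for the From URI when
// the Identity-Info certificate names the From domain itself.
func signerAuthorizedFor(fromURI, certDomain string) bool {
	return domainOf(fromURI) == strings.ToLower(certDomain)
}

func main() {
	key, err := newSignerKey()
	if err != nil {
		panic(err)
	}
	req := sampleRequest()
	identity, _ := signIdentity(key, req)
	fmt.Printf("Identity: %q\nIdentity-Info: <https://atlanta.example.com/atlanta.cer>;alg=rsa-sha1\n", identity)
	fmt.Println("verify as sent:", verifyIdentity(&key.PublicKey, req, identity))
	tampered := req // an intermediary rewrites From; the recomputed digest no longer matches
	tampered.From = "sip:mallory@atlanta.example.com"
	fmt.Println("verify after From rewrite:", verifyIdentity(&key.PublicKey, tampered, identity))
	fmt.Println("biloxi cert may vouch for atlanta From:", signerAuthorizedFor(req.From, "biloxi.example.org"))
}
```

   A real verifier also has to fetch and validate the certificate at the
   Identity-Info URL before calling verifyIdentity; a signature that checks
   out under a certificate for some other domain proves nothing about the
   From URI, which is why the domain check sits beside the signature check
   rather than being optional.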