
List:       sip-implementors
Subject:    [Sip-implementors] SIP Federation, authentication and interoperability with WebRTC
From:       Filippos Vasilakis <vasilakisfil () gmail ! com>
Date:       2020-05-03 15:55:06
Message-ID: CANJ+WfdeLgBgK6-cPjm1QE_F+PDdKx-Pfzzw2LRWK7Na7bPeFg () mail ! gmail ! com

Hello everyone,

I started looking into SIP over the past months because I find it quite
an interesting protocol, and after I saw a talk from Olle Johansson. I have
gone through various RFCs and technical documents and I have some questions
that might be naive, but due to lack of experience I need some guidance and
clarifications. Also, I hope I am in the right place asking those questions.

1) What's the status of SIP Federation? It seems like there is no official
standard there, but do we need it in order to achieve it? The Secure
Telephone Identity Revisited IETF group [0] has done some amazing work over
the past years regarding SIP authentication (especially from the callee
side). Is that enough for having secure SIP Federation, or are there
missing pieces in the puzzle?

2) WebRTC seems like it's taking a completely different road regarding
federation [1]. There, it seems like the signaling protocol (which is not
defined yet, but SIP is a major candidate) is used only for passing over
the user identities, and then the actual federation checks take place
inside the browser. I guess that's needed in case you don't trust the site
you are sitting on, like a poker site, but still need to communicate with
your friends, and verify that these are your friends (that their identity
might belong to a completely different server/domain from you). But still,
that's quite different from SIP, so how is SIP interoperability going to
work with that? Has anyone given it a thought? Feels super important to me that
these 2 don't diverge.

3) Olle Johansson, in a talk at the Kamailio conference, said that SIP still
hasn't solved end-to-end encryption and integrity, mostly because, at
some point, the route might go through a non-TLS connection. Well, that's not
an easy problem to solve, but I think that [0] has solved most of that (the
integrity part), or am I wrong? I mean, sure, the SIP request might come
with the headers stripped off, but that's something that the callee SIP
server shouldn't trust much. If it has the necessary headers though (the
PASSporT), then the caller should be who it says it is. Of course the
encryption is still remaining open, but is this solvable at all? Anyone
working on that?

4) How do people mostly do authentication in SIP, when some kind of federation
is needed? Are the RFCs from [0] common practice now? Is DANE (which from what
I understand depends on DNSSEC) something that is used at all? Something
else?

I guess I fired too many questions, but I would love to get back some
clarifications.

[0] https://datatracker.ietf.org/wg/stir/documents/
[1] https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20
[2] https://www.youtube.com/watch?v=FO1N6gEjxUo