Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, sip mailing list <email@example.com>, sip chair <firstname.lastname@example.org>
Subject: Protocol Action: 'Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)' to Proposed Standard

The IESG has approved the following document:

- 'Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)'
  <draft-ietf-sip-identity-07.txt> as a Proposed Standard

This document is the product of the Session Initiation Protocol Working Group.

The IESG contact persons are Allison Mankin and Jon Peterson.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-07.txt

Technical Summary

The existing security mechanisms in the Session Initiation Protocol are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document specifies a mechanism for securely identifying originators of SIP messages. It does so by defining two new SIP header fields, Identity, for conveying a signature used for validating the identity, and Identity-Info, for conveying a reference to the certificate of the signer. It specifies the mechanisms and procedures for using these and how they can be used with the existing SIP privacy capabilities.

It is desirable for SIP user agents to be able to send requests to destinations with which they have no previous association - just as in the telephone network today, one can receive a call from someone with whom one has no previous association, and still have a reasonable assurance that their displayed Caller-ID is accurate. A cryptographic approach, like the one described in this document, can probably provide a much stronger and less-spoofable assurance of identity than the telephone network provides today.

Working Group Summary

This specification required a number of tries and much analysis. There was strong consensus on the solution by the time it reached the version in this draft.

Protocol Quality

Eric Rescorla provided early architectural review of the work. The careful reading by the GEN-ART reviewer, Lakshminath Dondeti, was valuable. Allison Mankin is the Responsible Area Director.