Best Practices for Securing RTP Media Signaled with SIP
RFC 8862

Document Type RFC - Best Current Practice (January 2021; No errata)
Also known as BCP 228
Authors Jon Peterson  , Richard Barnes  , Russ Housley 
Last updated 2021-01-18
Replaces draft-peterson-sipbrandy-rtpsec
Stream IETF
Formats plain text html xml pdf htmlized bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Gonzalo Camarillo
Shepherd write-up Show (last changed 2018-10-30)
IESG IESG state RFC 8862 (Best Current Practice)
Action Holders
(None)
Consensus Boilerplate Yes
Telechat date
Responsible AD Alexey Melnikov
Send notices to Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack


Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 8862                                       Neustar
BCP: 228                                                       R. Barnes
Category: Best Current Practice                                    Cisco
ISSN: 2070-1721                                               R. Housley
                                                          Vigil Security
                                                            January 2021

        Best Practices for Securing RTP Media Signaled with SIP

Abstract

   Although the Session Initiation Protocol (SIP) includes a suite of
   security services that has been expanded by numerous specifications
   over the years, there is no single place that explains how to use SIP
   to establish confidential media sessions.  Additionally, existing
   mechanisms have some feature gaps that need to be identified and
   resolved in order for them to address the pervasive monitoring threat
   model.  This specification describes best practices for negotiating
   confidential media with SIP, including a comprehensive protection
   solution that binds the media layer to SIP layer identities.

Status of This Memo

   This memo documents an Internet Best Current Practice.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   BCPs is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8862.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Security at the SIP and SDP Layer
   4.  STIR Profile for Endpoint Authentication and Verification
           Services
     4.1.  Credentials
     4.2.  Anonymous Communications
     4.3.  Connected Identity Usage
     4.4.  Authorization Decisions
   5.  Media Security Protocols
   6.  Relayed Media and Conferencing
   7.  ICE and Connected Identity
   8.  Best Current Practices
   9.  IANA Considerations
   10. Security Considerations
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Acknowledgements
   Authors' Addresses

1.  Introduction

   The Session Initiation Protocol (SIP) [RFC3261] includes a suite of
   security services, including Digest Authentication [RFC7616] for
   authenticating entities with a shared secret, TLS [RFC8446] for
   transport security, and (optionally) S/MIME [RFC8551] for body
   security.  SIP is frequently used to establish media sessions -- in
   particular, audio or audiovisual sessions, which have their own
   security mechanisms available, such as the Secure Real-time Transport
   Protocol (SRTP) [RFC3711].  However, the practices needed to bind
   security at the media layer to security at the SIP layer, to provide
   an assurance that protection is in place all the way up the stack,
   rely on a great many external security mechanisms and practices.
   This document provides documentation to explain their optimal use as
   a best practice.

   Revelations about widespread pervasive monitoring of the Internet
   have led to a greater desire to protect Internet communications
   [RFC7258].  In order to maximize the use of security features,
   especially of media confidentiality, opportunistic measures serve as
   a stopgap when a full suite of services cannot be negotiated all the
   way up the stack.  Opportunistic media security for SIP is described
   in [RFC8643], which builds on the prior efforts of
   [Best-Effort-SRTP].  With opportunistic encryption, there is an
   attempt to negotiate the use of encryption, but if the negotiation
   fails, then cleartext is used.  Opportunistic encryption approaches
   typically have no integrity protection for the keying material.

   This document contains the SIP Best-practice Recommendations Against
   Network Dangers to privacY (SIPBRANDY) profile of Secure Telephone
   Identity Revisited (STIR) [RFC8224] for media confidentiality,
   providing a comprehensive security solution for SIP media that
Show full document text