Best Practices for Securing RTP Media Signaled with SIP
RFC 8862
Document | Type |
RFC - Best Current Practice
(January 2021; No errata)
Also known as BCP 228
|
|
---|---|---|---|
Authors | Jon Peterson , Richard Barnes , Russ Housley | ||
Last updated | 2021-01-18 | ||
Replaces | draft-peterson-sipbrandy-rtpsec | ||
Stream | IETF | ||
Formats | plain text html xml pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Gonzalo Camarillo | ||
Shepherd write-up | Show (last changed 2018-10-30) | ||
IESG | IESG state | RFC 8862 (Best Current Practice) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Yes | ||
Telechat date | |||
Responsible AD | Alexey Melnikov | ||
Send notices to | Gonzalo Camarillo <gonzalo.camarillo@ericsson.com> | ||
IANA | IANA review state | Version Changed - Review Needed | |
IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF) J. Peterson Request for Comments: 8862 Neustar BCP: 228 R. Barnes Category: Best Current Practice Cisco ISSN: 2070-1721 R. Housley Vigil Security January 2021 Best Practices for Securing RTP Media Signaled with SIP Abstract Although the Session Initiation Protocol (SIP) includes a suite of security services that has been expanded by numerous specifications over the years, there is no single place that explains how to use SIP to establish confidential media sessions. Additionally, existing mechanisms have some feature gaps that need to be identified and resolved in order for them to address the pervasive monitoring threat model. This specification describes best practices for negotiating confidential media with SIP, including a comprehensive protection solution that binds the media layer to SIP layer identities. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8862. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction 2. Terminology 3. Security at the SIP and SDP Layer 4. STIR Profile for Endpoint Authentication and Verification Services 4.1. Credentials 4.2. Anonymous Communications 4.3. Connected Identity Usage 4.4. Authorization Decisions 5. Media Security Protocols 6. Relayed Media and Conferencing 7. ICE and Connected Identity 8. Best Current Practices 9. IANA Considerations 10. Security Considerations 11. References 11.1. Normative References 11.2. Informative References Acknowledgements Authors' Addresses 1. Introduction The Session Initiation Protocol (SIP) [RFC3261] includes a suite of security services, including Digest Authentication [RFC7616] for authenticating entities with a shared secret, TLS [RFC8446] for transport security, and (optionally) S/MIME [RFC8551] for body security. SIP is frequently used to establish media sessions -- in particular, audio or audiovisual sessions, which have their own security mechanisms available, such as the Secure Real-time Transport Protocol (SRTP) [RFC3711]. However, the practices needed to bind security at the media layer to security at the SIP layer, to provide an assurance that protection is in place all the way up the stack, rely on a great many external security mechanisms and practices. This document provides documentation to explain their optimal use as a best practice. Revelations about widespread pervasive monitoring of the Internet have led to a greater desire to protect Internet communications [RFC7258]. In order to maximize the use of security features, especially of media confidentiality, opportunistic measures serve as a stopgap when a full suite of services cannot be negotiated all the way up the stack. Opportunistic media security for SIP is described in [RFC8643], which builds on the prior efforts of [Best-Effort-SRTP]. With opportunistic encryption, there is an attempt to negotiate the use of encryption, but if the negotiation fails, then cleartext is used. Opportunistic encryption approaches typically have no integrity protection for the keying material. This document contains the SIP Best-practice Recommendations Against Network Dangers to privacY (SIPBRANDY) profile of Secure Telephone Identity Revisited (STIR) [RFC8224] for media confidentiality, providing a comprehensive security solution for SIP media thatShow full document text