Best Practices for Securing RTP Media Signaled with SIP
RFC 8862
| Document | Type |
RFC - Best Current Practice
(January 2021; No errata)
Also known as BCP 228
|
|
|---|---|---|---|
| Authors | Jon Peterson , Richard Barnes , Russ Housley | ||
| Last updated | 2021-01-18 | ||
| Replaces | draft-peterson-sipbrandy-rtpsec | ||
| Stream | IETF | ||
| Formats | plain text html xml pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Gonzalo Camarillo | ||
| Shepherd write-up | Show (last changed 2018-10-30) | ||
| IESG | IESG state | RFC 8862 (Best Current Practice) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Alexey Melnikov | ||
| Send notices to | Gonzalo Camarillo <gonzalo.camarillo@ericsson.com> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | RFC-Ed-Ack | ||
Internet Engineering Task Force (IETF) J. Peterson
Request for Comments: 8862 Neustar
BCP: 228 R. Barnes
Category: Best Current Practice Cisco
ISSN: 2070-1721 R. Housley
Vigil Security
January 2021
Best Practices for Securing RTP Media Signaled with SIP
Abstract
Although the Session Initiation Protocol (SIP) includes a suite of
security services that has been expanded by numerous specifications
over the years, there is no single place that explains how to use SIP
to establish confidential media sessions. Additionally, existing
mechanisms have some feature gaps that need to be identified and
resolved in order for them to address the pervasive monitoring threat
model. This specification describes best practices for negotiating
confidential media with SIP, including a comprehensive protection
solution that binds the media layer to SIP layer identities.
Status of This Memo
This memo documents an Internet Best Current Practice.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8862.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Terminology
3. Security at the SIP and SDP Layer
4. STIR Profile for Endpoint Authentication and Verification
Services
4.1. Credentials
4.2. Anonymous Communications
4.3. Connected Identity Usage
4.4. Authorization Decisions
5. Media Security Protocols
6. Relayed Media and Conferencing
7. ICE and Connected Identity
8. Best Current Practices
9. IANA Considerations
10. Security Considerations
11. References
11.1. Normative References
11.2. Informative References
Acknowledgements
Authors' Addresses
1. Introduction
The Session Initiation Protocol (SIP) [RFC3261] includes a suite of
security services, including Digest Authentication [RFC7616] for
authenticating entities with a shared secret, TLS [RFC8446] for
transport security, and (optionally) S/MIME [RFC8551] for body
security. SIP is frequently used to establish media sessions -- in
particular, audio or audiovisual sessions, which have their own
security mechanisms available, such as the Secure Real-time Transport
Protocol (SRTP) [RFC3711]. However, the practices needed to bind
security at the media layer to security at the SIP layer, to provide
an assurance that protection is in place all the way up the stack,
rely on a great many external security mechanisms and practices.
This document provides documentation to explain their optimal use as
a best practice.
Revelations about widespread pervasive monitoring of the Internet
have led to a greater desire to protect Internet communications
[RFC7258]. In order to maximize the use of security features,
especially of media confidentiality, opportunistic measures serve as
a stopgap when a full suite of services cannot be negotiated all the
way up the stack. Opportunistic media security for SIP is described
in [RFC8643], which builds on the prior efforts of
[Best-Effort-SRTP]. With opportunistic encryption, there is an
attempt to negotiate the use of encryption, but if the negotiation
fails, then cleartext is used. Opportunistic encryption approaches
typically have no integrity protection for the keying material.
This document contains the SIP Best-practice Recommendations Against
Network Dangers to privacY (SIPBRANDY) profile of Secure Telephone
Identity Revisited (STIR) [RFC8224] for media confidentiality,
providing a comprehensive security solution for SIP media that
Show full document text