1 / 9

S/MIME Certificates

S/MIME Certificates. Cullen Jennings fluffy@cisco.com. E2E SIP Security Requires S/MIME. In order to use S/MIME you need to discover certificates for your peers This is not Somebody Else’s Problem

lotte
Télécharger la présentation

S/MIME Certificates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. S/MIME Certificates Cullen Jennings fluffy@cisco.com

  2. E2E SIP Security Requires S/MIME • In order to use S/MIME you need to discover certificates for your peers • This is not Somebody Else’s Problem • If there is no viable work to make certificates available in typical SIP deployments, we can’t base our security on it • Strong, ubiquitous, identity is one of the best tools in dealing with SPAM

  3. What the certs draft provides • No extra work on the part of the human using a UA • No extra expense for end user certificates • Enterprise only need to run a web commerce style web server • A revocation mechanism that works

  4. 1 2 4 3 Mechanism a.com b.com • Callee with address Bob@b.com publishes public certificate at b.com • Does with HTTPS PUT with Digest authentication • Caller wants to call bob@b.com and gets the certificate from b.com • Done with HTTPS GET. • Caller encrypts stuff for Callee • Uses S/MIME in SIP • Callee fetches caller certificate (from a.com) to verify Caller certificate • Uses HTTPS GET Caller Alice@a.com Callee Bob@b.com

  5. b.com Caller Alice@a.com Callee Bob@b.com Analysis 2 (HTTPS) 1 (HTTPS+Digest) • Callee trusts it is talking to b.com because of the HTTPS certificate. B.com trusts it is bob because of the digest authentication. Transaction is privacy and integrity protected by HTTPS • Caller trusts that it is talking to b.com because of HTTPS certificate and trusts the certificate for bob@b.com is really the right one for bob because it came from b.com • S/MIME is used to encrypt data for Bob using the public key from the certificate for bob@b.com. A similar scheme can be done in reverse so the caller can sign 3 (S/MIME+SIP)

  6. Relationship with Identity • Identity provides a mechanism to leverage the domains certificate for asserting identity • Certs leverages the domains certificate to provide encryption and signing • The key thing in Identity is that it describes how to describe certain assertions and put them in messages. • It’s not as worried about getting the crypto credentials to do this other than it needs them. • The key thing in Certs is getting the crypto credentials for S/MIME.

  7. Relationship to PKIX & Sacred • This work uses the PKIX and SACRED frameworks and security • Using SACRED to move private keys off the UA and onto the server could be done • Generally poor form to have private keys floating around • Will not work for FIPS compliant phones that need to keep the private key in tamper resistant hardware • Certs has good security including revocation.

  8. Next Steps - Pick one of below: Security folks agree this will work from a security point of view. The SIPish folks need to decide if it is deployable. • Move forward with this work Define transports, HTTP, XCAP, SIP, … • Find an alternative way to use S/MIME Pursue some web of trust model? • Abandon S/MIME Find an alternative way to meet the needs. Kerberos?

  9. Questions for the WG • Can we deprecate S/MIME? • Is it OK just saying every end user needs to buy a certificate and securely install it in all their devices? • Do we have any other alternatives? • What do we need to fix to move forward with this work?

More Related