SIP Media Security Requirements: A Comprehensive Overview

1. draft-ietf-sip-media-security-requirements-03 SIP Media Security Requirements Dan Wing, dwing@cisco.com draft-ietf-sip-media-security-requirements-03

2. draft-ietf-sip-media-security-requirements-03 Document Timeline draft-ietf-sip-media-security-requirements-00 draft-ietf-sip-media-security-requirements-01 draft-ietf-sip-media-security-requirements-02 draft-ietf-sip-media-security-requirements-03 draft-wing-media-security-requirements-00 1st RTPSEC BoF (IETF66, Montreal)‏ 2nd RTPSEC BoF (IETF68, Prague)‏ draft-wing-srtp-keying-eval-00 Jul-2006 May-2006 Oct-2006 Mar-2007 Sep-2007 Nov-2007 Jan-2008 Feb-2008 Mar-2008

3. draft-ietf-sip-media-security-requirements-03 Document Status • Requirement numbers changed to mnemonics • R-REUSE: Reverted to earlier MAY to re-use previous security association • Still waiting for 3GPP requirements

4. draft-ietf-sip-media-security-requirements-03 Comments: “No Consensus” • R-RECORDING (call recording)‏ • Needed by some businesses • draft-wing-sipping-srtp-key proposes one method to do call recording • R-TRANSCODER

5. draft-ietf-sip-media-security-requirements-03 Comment: “re-instate R15” • R15: start with RTP and upgrade to SRTP • For announcements, advertising • Concern: • Attacker could send bogus RTP media until SRTP starts (assuming SRTP starts at all)‏ • Brian Stucker analyzed a similar RTP problem • Further study? Re-instate requirement? draft-stucker-sipping-early-media-coping-03 (expired)‏

6. draft-ietf-sip-media-security-requirements-03 Moving Forward: Choices • Publish requirements from March 2007 RTPSEC BoF • Original intent of adopting as WG document • Refine requirements based on today’s requirements • 3GPP • R15, Transcoder, Recording • “The Identity Problem” (SBCs, E.164)‏

7. Dan Wing, dwing@cisco.com Questions draft-ietf-sip-media-security-requirements-03 draft-ietf-sip-media-security-requirements-03