Certificate Discover for SIP

SIP RFC 3261 defines a S/MIME based PKI mechanism for achieving end to end security. Among other things, it allows users to be confident that the party they are communicating with is likely the person they want. Like all PKI based schemes, distribution of the public keys is a hard problem. Failure to have a good and widely supported scheme for distributing public keys will result in users not using the S/MIME capabilities of SIP. Not knowing the identities of the other parties in a SIP session greatly reduces the usefulness of encrypted media such as SRTP. This document describes an approach to using and combining existing schemes to build a trustworthy way of distributing certificates for SIP. An example use case makes this easier to understand. Say Alice meets Bob at a party and Bob says "Call me some time. Here is my AOR." Then Bob writes bob@example.com on the back of a napkin and hands it to Alice. Later Alice makes a call to bob@example.com but she wants to be sure that she really is talking to the person who owns the AOR bob@example.com. This document refers to Alice as the Caller, Bob as the Subscriber, and example.com as the Service. The goal is to allow Alice to be confident she is communicating with the person with the AOR bob@example.com. Some sub-goals are: Trivial to use, requiring no extra effort from the end user Free - like beer No requirement for a third party to know the Subscriber's private key Allows the Subscriber to have more than one communication device associated with a single AOR. None of the problems or ideas presented in this document are new. This presents work going on in the PKIX, SACRED, and SIP working groups in a SIP context and describes an approach to putting the parts together for SIP.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

The approach is broken down into Enrolment, Location, and Retrieval phases. The general architecture is that the Service not only provides a SIP registrar service for the Subscriber but also provides certificate storage. In the Enrolment phase, the Subscriber puts their public certificate somewhere that others can find it. In the Locating phase, the Caller discovers where the person they are calling has stored their certificates. Finally in the Retrieval phase, the Caller gets a copy of the Subscriber's certificates. To meet the goal of being free, the certificates are assumed to be self signed.

The goal of this stage is to allow the Caller to locate where the Subscriber stores their certificates. The only thing the Caller has is an AOR such as bob@example.com. The obvious solution is to use the host portion of the AOR to find a directory to look up the user portion. The retrieval mechanism is HTTP based. This choice of HTTP is explained in . The mechanism for location is described in draft-ietf-pkix-certstore-http. The approach first does a SRV lookup and if that fails, it tries a well know host formed from the AOR directly. For the AOR bob@example.com, first an SRV lookup of _certificates._tcp.example.com would be done. If this was successful and returned an address of a.example.com and a port of 7000 then the URL would be: https://a.example.com:7000/search-cgi?email=bob%40example.com If the SRV lookup was not successful, then the URL would be formed by adding the host name "certificates" to the domain. In this case the URL would be: https://certificates.example.com/search-cgi?email=bob%40example.com

Once a URL for the certificate is known, the Caller needs to get it. There are several potential protocols that could work for this: HTTP, LDAP, FTP, SNMP, ACAP, and others. The existing tools for making HTTP scale, the tools for caching, the tools for managing attacks on servers, and the existing support for hardware acceleration of HTTPS make this a good choice from the server point of view. The ease of working through NATs and firewalls along with the fact that most SIP UAs need to implement HTTP for other reasons makes it an good match on the client end. The MIME capability of HTTP are useful for dealing with the various types of certificates. These points led to the selection of HTTPS as defined in draft-ietf-pkix-certstore-http as a mechanism for getting the certificates. Since the certificates may be self signed, the Caller needs to be sure that they were not tampered with and that they came from the Service that was authorized to provide them. This means that the Caller MUST use HTTPS to get the certificate and the Service MUST present a certificate in the TLS handshake that has a domain name in the SubjectAltName field that matches the domain name in the original AOR. In this example the original is example.com, not the result of any SRV lookup. The names are considered to match if the SubjectAltName matches the host portion of the AOR using a case insensitive comparison. Sub-domains do not match. IP addresses do not match host names.

The Subscriber must be able to authenticate to the Service and must be able to transfer the certificate in an integrity protected way to the Service. In SIP, the Service and the Subscriber already have a shared secret that is used for authentication during SIP registration; or the Service knows the certificate of the Subscriber by some out of band mechanism. This shared secret can be leveraged for enrolment of the Subscriber's public certificates. The Subscriber would transfer a public certificate to the Service using an HTTPS PUT with the same URL that would be used to get their certificate. This MUST happen over HTTPS so the transfer is integrity protected. The client MUST also check that the server's certificate name matches the name of the Subscriber's AOR. This matching follows the same rules as matching in . The client MUST authenticate to the server using DIGEST authentication with some shared secret. The same shared secret that is used for SIP registration SHOULD be used. This allows any Subscriber to generate a self signed certificate and store it at the Service. Note that authorization with TLS mutual authentication is not considered because in that case the Service already has the Subscriber's Certificate and there is no need to transfer it. There is an additional problem of how to allow a user that has several communication clients to associate them all with the same AOR and still get the certificates to work. There are at least two approaches to this problem. One would be to upload a different certificate for each UA associated with the AOR and just let the Caller use all of them. This is the approach that is chosen here. The other approach would be to use the work from the SACRED working group which is solving the problem of security getting the same credential on all the clients. This second approach will require the user to enter some secret on all the clients that is used to encrypt the private key being transferred around. This is extra work for the user, and it is likely that many users will choose very weak keys for doing this. In the chosen approach of using many certificates for a single AOR, the Caller would first get all the certificates from the Service. It would then send an INVITE to the Subscriber and sign it with its own certificate but would probably not include SDP in the INVITE. The reason it does not send SDP at this point is that it does not know which of the Subscriber's public keys to encrypt with. (Note: encrypted SDP is needed when the SDP is being used to pass keying material for a SRTP session). Several of the Subscriber's UAs may respond, each forming a dialog that is signed and encrypted with the appropriate certificates. The caller can check the signature because they have all the Caller's certificates. Now that a secure dialog has been established, the usual Offer/Answer can be done with signed communications and confidential SDP. The Service MUST provide some other authenticated, out of band mechanism for the Subscriber to revoke certificates. A web page accessed over HTTPS with digest authentication would work fine for this. It is RECOMMENDED that the clients use fairly short lived certificates (in the order of days to months) and enroll a new certificate before the old one expires. The Caller MAY cache the certificates that they retrieved for an AOR and use them in future calls. This cached result MUST expire after some short but configurable amount of time so that certificate revocation works. It MUST be possible to configure this time to be zero. If the Caller is using cached information and receives a certificate in the SIP signaling that is not cached, the Caller MUST update the cache and check that the certificate was not recently added to the Service. When a UA registers, it SHOULD retrieve the certificates for its AOR and check that this UA's certificate is correctly enrolled. The HTTPS server MUST support a profile of TLS_RSA_WITH_AES_128_CBC_SHA as described in RFC 3268 or a profile of TLS_RSA_WITH_3DES_CBC_SHA .

This whole document is focused on security and must be considered from a security point of view. It is important to remember that the scheme relies upon the Subscriber choosing a Service that does not lie. The Subscriber may wish to use contractual obligations to enforce this.

This whole scheme is made possible because the Subscriber has a shared secret with the Service, the Service has a certificate that is signed by a well known certificate authority, and the Caller knows how to find the Service for the Subscriber they are calling. To look at the security of this scheme one must consider the existing SIP S/MIME trust model and what the trust relationships are. If Alice tells a secret to Bob, Bob can tell anyone. If Bob signs something and sends it to Alice, Alice can only believe this signature as much as she believes that Bob has securely managed his private key and has not posted it on an IRC channel. If Bob tells Alice that his AOR is bob@example.com, that may change in the future and someone else may get that AOR. Just because Alice manages to get a valid certificate bound to the AOR bob@example.com does not mean that Alice is going to talk to the right Bob. This last point is important in understanding why the scheme presented here is not significantly less secure than the use of S/MIME certificates in SIP that are signed by a well known certificate authority. All SIP has is the AOR - SIP can check that the name in the certificate matches the AOR but it can not check other things that are likely to make the identity unique. If the Service example.com gave the AOR bob@example.com to a new Bob, they would likely give away the email address bob@example.com to the new Bob as well. Furthermore, the certificate authority, after revoking the old certificates, would probably give the new Bob a new certificate if the new Bob could read email sent to the AOR. Alice would be talking to bob@example.com - but the new Bob instead of the old Bob. The point of this is that you have to trust that the person providing your AOR will not give your AOR to someone else. Bob has some ability to chose a Service he trusts. He can enforce this contractually with the Service and by choosing one worthy of trust. Alice has to trust Bob on many things including that he picked a trustworthy party to manage his AOR and that he manages his private key appropriately. If the Subscriber can trust the Service to manage the Subscriber's AOR, then the Subscriber can trust the Service not to lie about certificates they store for the Subscriber. If the Service wants to subvert Bob's communications, they can likely do this by getting a certificate authority to give them a certificate masquerading as Bob. The security of this scheme relies on the Service not lying about what Bob's public certificates are. If you buy this, the rest is fairly simple. Only Bob's UAs have the shared secret to authenticate to the Service to upload a certificate. The UA will not accidentally authenticate to a rogue service because the UA checks the certificate the Service presents in TLS. The certificate is not tampered with because the HTTPS connection is integrity protected. When the Caller retrieves a certificate they know it is coming from the correct Service because the Service must have the certificate for the domain that represents the host portion of the AOR. The Caller knows the certificate was not tampered with in transit because the connection is integrity protected. Certificates can be quickly revoked because the Caller gets the certificates on each new call to the Subscriber. This side steps some thorny CRL issues. The impact of getting these each time will probably make a relevant difference on the load of the Service's servers but does not make the scheme unworkable. The Subscriber's UAs can use short lived self signed certificates. In fact UAs could upload a new certificate each time they boot. This would eliminate the need for UAs to store the private keys in NVRAM which might be a security advantage.

There are no IANA considerations.

The procedure described in this document is easy and it can happen automatically with no extra expense or intervention from the Subscriber or Caller. It is easy for the Service to provide and does not require them to do much beyond running a normal HTTPS web service suitable for e-commerce application. It achieves about as good a job of identifying the participants of a call as the SIP S/MIME mechanism is capable of achieving. It does not require any modification of existing protocols or the invention ofany new ones.

Many thanks to Eric Rescola, Peter Gutmann, Rohan Mahy and Jason Fischl for comments.