SIP in 2002SIP in 2002

Henning SchulzrinneDept. of Computer Science

Columbia University

OverviewOverview

Where are we? Uses of SIP – new and old Challenges

IM 3GPP Security Emergency calling

Where are we?Where are we? SIP as the signaling protocol for future

applications 3GPP Cable modems (DOCSIS DCS) IM: AOL interworking, Windows Messenger but: H.323 dominates videoconferencing,

trunk replacement Proprietary protocols dominate for Ethernet

phones Slow uptake of VoIP

Where are we?Where are we? Not quite what we had in mind

initially, for initiating multicast conferencing in progress since 1992 still small niche even the IAB and IESG meet by POTS

conference… then VoIP

written-off equipment (circuit-switched) vs. new equipment (VoIP)

bandwidth is (mostly) not the problem “can’t get new services if other end is POTS’’

“why use VoIP if I can’t get new services”

Where are we?Where are we?

VoIP: avoiding the installed base issue cable modems – lifeline service 3GPP – vaporware?

Finally, IM/presence and events probably, first major application offers real advantage: interoperable

IM also, new service

SIP in the EnterpriseSIP in the Enterprise

Greenfield save on wiring and admin expenses per-seat cost similar ($500+)

Existing installations small PBX (< 8 lines) cheap can’t beat $80 phones move towards multi-cordless

(Gigaset, etc.)

Where are we?Where are we? Number of robust SIP phones

not yet in Wal-Mart SIP carriers terminate LAN VoIP

number portability? 911

50+ vendors at SIPit Building blocks: media servers,

unified messaging, conferencing, VoiceXML, …

SIP at HomeSIP at Home Lifeline (power) Multiple phones per household

expensive to do over PNA or 802.11 BlueTooth range too short need wireless SIP base station +

handsets PDAs with 802.11 and GSM? (Treo++)

Incentives SMS & IM services

SIP phonesSIP phones Hard to build really basic phones

need real multitasking OS need large set of protocols:

IP, DNS, DHCP, maybe IPsec, SNTP and SNMP UDP, TCP, maybe TLS HTTP (configuration), RTP, SIP

user-interface for entering URLs is a pain see “success” of Internet appliances “PCs with handset” cost $500 and still

have a Palm-size display

SIP developments in 2001SIP developments in 2001 SIP revision (“RFC2534bis”) almost done:

semantically-oriented rewrite layers: message, transport, transaction, transaction

user SDP extracted into separate draft UA and proxy have the same state machinery

better Route/Record-Route spec for loose routing no more Basic authentication few optional headers (In-Reply-To, Call-Info,

Alert-Info, …) Integration of reliable provisional responses and

server features DNS SRV modifications

SIP developments in 2001SIP developments in 2001 SIP revision backwards compatible

“new” messages work with RFC 2543 implementations

some odd allowed RFC 2543 behavior no longer allowed

CPL almost finished – merger with iCal sip-cgi published IM & presence mostly done, except for

IM sessions (over TCP) – IMTP, BEEP

SIP developments in 2001SIP developments in 2001 Work continues on staples:

early media (announcements) resource reservation (COMET) SIP security SIP events User identification Call transfer and call control

Now three SIP working groups: SIP for protocol definition and extensions SIPPING for applications and “vetting” SIMPLE for IM & presence

SIP securitySIP security

Bar is higher than for email – telephone expectations (albeit wrong)

SIP carries media encryption keys Potential for nuisance – phone

spam at 2 am Safety – prevent emergency calls

SIP securitySIP security Exposes weak state of general

Internet security tools Attempt to re-use existing

mechanisms: HTTP digest authentication, with

additions to protect crucial headers (e.g., Contact in REGISTER) for e2e and proxy authentication

TLS and IPsec for hop-by-hop authentication and confidentiality

S/MIME for end-to-end

SIP securitySIP security Security with random strangers is hard! Identities are cheap – can’t use for filtering

bozos often only need to verify that same “good” person

as before – see ssh Symmetric (secret) key doesn’t scale Public key cryptography only modest help

need certification authorities what is being certified? CRLs hard to move keys to new devices – smartcard?

Kerberos needs extensions for interdomain

SIP security – longer termSIP security – longer term

EAP for authentication (used in 3GPP)

Third-party signatures “this caller is an employee of Visa”

REFER authentication Alice (verifiable) asked Bob to call

Carol

Other SIP standardization Other SIP standardization projectsprojects Call history – where has this request

been? Emergency calling (911/112)

universal number: sip:sos@domain finding the emergency call center PSTN interoperation

Emergency preparedness priority access to PSTN and IP

resources

Instant message & Instant message & presencepresence

SIMPLE: MESSAGE, SUBSCRIBE, NOTIFY

Also for various SIP-related events, e.g., in REFER and conferences

Just a special case of event notification: “tell me if something happened” – something happened!

Event notificationEvent notification

Missing new service in the Internet Existing services:

get & put data, remote procedure call: HTTP/SOAP (ftp)

asynchronous delivery with delayed pick-up: SMTP (+ POP, IMAP)

Do not address asynchronous (triggered) + immediate

Event notificationEvent notification

Very common: operating systems (interrupts,

signals, event loop) SNMP trap some research prototypes (e.g.,

Siena) attempted, but ugly:

periodic web-page reload reverse HTTP

SIP event notificationSIP event notification

Uses beyond SIP and IM/presence: Alarms (“fire on Elm Street”) Web page has changed

cooperative web browsing state update without Java applets

Network management Distributed games

SIP doesn’t have to be in a SIP doesn’t have to be in a phonephone

SIP longer-term issuesSIP longer-term issues SDPng?

XML-based generalization better negotiation and grouping

API standardization JAIN – servlets APIs for IM and presence

Operational issues How to configure 10,000 phones

without editing config files?

ConclusionConclusion

SIP technology vibrant, with large developer community

Deployments and awareness lag VoIP as replacement technology –

conversion from analog to digital PSTN took decades

Not XML, but will soon be on every desktop