S/MIME Certificates

Cullen Jennings

fluffy@cisco.com

E2E SIP Security Requires S/MIME

• In order to use S/MIME you need to discover certificates for your peers

• This is not Somebody Else’s Problem– If there is no viable work to make certificates

available in typical SIP deployments, we can’t base our security on it

• Strong, ubiquitous, identity is one of the best tools in dealing with SPAM

What the certs draft provides

• No extra work on the part of the human using a UA

• No extra expense for end user certificates

• Enterprise only need to run a web commerce style web server

• A revocation mechanism that works

Mechanism

CalleeBob@b.com

CallerAlice@a.com

b.com

1. Callee with address Bob@b.com publishes public certificate at b.com– Does with HTTPS PUT with Digest authentication

2. Caller wants to call bob@b.com and gets the certificate from b.com– Done with HTTPS GET.

3. Caller encrypts stuff for Callee– Uses S/MIME in SIP

4. Callee fetches caller certificate (from a.com) to verify Caller certificate• Uses HTTPS GET

12

3

a.com

4

Analysis

CalleeBob@b.com

CallerAlice@a.com

b.com

1. Callee trusts it is talking to b.com because of the HTTPS certificate. B.com trusts it is bob because of the digest authentication. Transaction is privacy and integrity protected by HTTPS

2. Caller trusts that it is talking to b.com because of HTTPS certificate and trusts the certificate for bob@b.com is really the right one for bob because it came from b.com

3. S/MIME is used to encrypt data for Bob using the public key from the certificate for bob@b.com.

A similar scheme can be done in reverse so the caller can sign

1 (HTTPS+Digest)2 (HTTPS)

3 (S/MIME+SIP)

Relationship with Identity• Identity provides a mechanism to leverage the domains

certificate for asserting identity• Certs leverages the domains certificate to provide

encryption and signing

• The key thing in Identity is that it describes how to describe certain assertions and put them in messages.

• It’s not as worried about getting the crypto credentials to do this other than it needs them.

• The key thing in Certs is getting the crypto credentials for S/MIME.

Relationship to PKIX & Sacred

• This work uses the PKIX and SACRED frameworks and security

• Using SACRED to move private keys off the UA and onto the server could be done– Generally poor form to have private keys floating

around

– Will not work for FIPS compliant phones that need to keep the private key in tamper resistant hardware

• Certs has good security including revocation.

Next Steps - Pick one of below:Security folks agree this will work from a security

point of view. The SIPish folks need to decide if it is deployable.

1. Move forward with this workDefine transports, HTTP, XCAP, SIP, …

2. Find an alternative way to use S/MIMEPursue some web of trust model?

3. Abandon S/MIMEFind an alternative way to meet the needs.

Kerberos?

Questions for the WG

• Can we deprecate S/MIME?

• Is it OK just saying every end user needs to buy a certificate and securely install it in all their devices?

• Do we have any other alternatives?

• What do we need to fix to move forward with this work?