draft-ietf-sip-certs-05.txt   draft-ietf-sip-certs-06.txt 
Network Working Group C. Jennings Network Working Group C. Jennings
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track J. Peterson Expires: October 7, 2008 J. Fischl, Ed.
Expires: August 1, 2008 NeuStar, Inc. CounterPath Corporation
J. Fischl, Ed. April 5, 2008
CounterPath Solutions, Inc.
January 31, 2008
Certificate Management Service for The Session Initiation Protocol (SIP) Certificate Management Service for The Session Initiation Protocol (SIP)
draft-ietf-sip-certs-05 draft-ietf-sip-certs-06
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
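Review bot: the -06 header drops the "Intended status: Standards Track" line that -05 carried between "Internet-Draft" and "Expires:"; in the right-hand column the block goes straight from "Internet-Draft  Cisco Systems" to "Expires: October 7, 2008  J. Fischl, Ed.". Nothing else in the diff suggests the intended status changed, so restore that line before submission. The other header edits (J. Peterson removed from the author list, "CounterPath Solutions, Inc." becoming "CounterPath Corporation", the new date) are consistent with the Authors' Addresses change later in the diff.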
skipping to change at page 1, line 37 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 9, 2008. This Internet-Draft will expire on October 7, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This draft defines a Credential Service that allows Session This draft defines a Credential Service that allows Session
Initiation Protocol (SIP) User Agents (UAs) to use a SIP event Initiation Protocol (SIP) User Agents (UAs) to use a SIP event
package to discover the certificates of other users. This mechanism package to discover the certificates of other users. This mechanism
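Review bot: the expiry sentence now agrees with the header (October 7, 2008 in both places). In -05 the body said "expire on January 9, 2008" against a header of "Expires: August 1, 2008" and a draft date of January 31, 2008, so the old text contradicted itself and named a date already in the past; -06 resolves that and needs no further change here.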
skipping to change at page 2, line 29 skipping to change at page 2, line 27
6.4. Subscription Duration . . . . . . . . . . . . . . . . . . 10 6.4. Subscription Duration . . . . . . . . . . . . . . . . . . 10
6.5. NOTIFY Bodies . . . . . . . . . . . . . . . . . . . . . . 10 6.5. NOTIFY Bodies . . . . . . . . . . . . . . . . . . . . . . 10
6.6. Subscriber Generation of SUBSCRIBE Requests . . . . . . . 11 6.6. Subscriber Generation of SUBSCRIBE Requests . . . . . . . 11
6.7. Notifier Processing of SUBSCRIBE Requests . . . . . . . . 11 6.7. Notifier Processing of SUBSCRIBE Requests . . . . . . . . 11
6.8. Notifier Generation of NOTIFY Requests . . . . . . . . . . 11 6.8. Notifier Generation of NOTIFY Requests . . . . . . . . . . 11
6.9. Subscriber Processing of NOTIFY Requests . . . . . . . . . 12 6.9. Subscriber Processing of NOTIFY Requests . . . . . . . . . 12
6.10. Handling of Forked Requests . . . . . . . . . . . . . . . 12 6.10. Handling of Forked Requests . . . . . . . . . . . . . . . 12
6.11. Rate of Notifications . . . . . . . . . . . . . . . . . . 12 6.11. Rate of Notifications . . . . . . . . . . . . . . . . . . 12
6.12. State Agents and Lists . . . . . . . . . . . . . . . . . . 12 6.12. State Agents and Lists . . . . . . . . . . . . . . . . . . 12
6.13. Behavior of a Proxy Server . . . . . . . . . . . . . . . . 12 6.13. Behavior of a Proxy Server . . . . . . . . . . . . . . . . 12
7. Event Package Formal Definition for "credential" . . . . . . . 13 7. Event Package Formal Definition for "credential" . . . . . . . 12
7.1. Event Package Name . . . . . . . . . . . . . . . . . . . . 13 7.1. Event Package Name . . . . . . . . . . . . . . . . . . . . 13
7.2. Event Package Parameters . . . . . . . . . . . . . . . . . 13 7.2. Event Package Parameters . . . . . . . . . . . . . . . . . 13
7.3. SUBSCRIBE Bodies . . . . . . . . . . . . . . . . . . . . . 13 7.3. SUBSCRIBE Bodies . . . . . . . . . . . . . . . . . . . . . 13
7.4. Subscription Duration . . . . . . . . . . . . . . . . . . 13 7.4. Subscription Duration . . . . . . . . . . . . . . . . . . 13
7.5. NOTIFY Bodies . . . . . . . . . . . . . . . . . . . . . . 13 7.5. NOTIFY Bodies . . . . . . . . . . . . . . . . . . . . . . 13
7.6. Subscriber Generation of SUBSCRIBE Requests . . . . . . . 14 7.6. Subscriber Generation of SUBSCRIBE Requests . . . . . . . 14
7.7. Notifier Processing of SUBSCRIBE Requests . . . . . . . . 14 7.7. Notifier Processing of SUBSCRIBE Requests . . . . . . . . 14
7.8. Notifier Generation of NOTIFY Requests . . . . . . . . . . 14 7.8. Notifier Generation of NOTIFY Requests . . . . . . . . . . 14
7.9. Generation of PUBLISH Requests . . . . . . . . . . . . . . 15 7.9. Generation of PUBLISH Requests . . . . . . . . . . . . . . 15
7.10. Notifier Processing of PUBLISH Requests . . . . . . . . . 15 7.10. Notifier Processing of PUBLISH Requests . . . . . . . . . 15
7.11. Subscriber Processing of NOTIFY Requests . . . . . . . . . 16 7.11. Subscriber Processing of NOTIFY Requests . . . . . . . . . 16
7.12. Handling of Forked Requests . . . . . . . . . . . . . . . 16 7.12. Handling of Forked Requests . . . . . . . . . . . . . . . 16
7.13. Rate of Notifications . . . . . . . . . . . . . . . . . . 16 7.13. Rate of Notifications . . . . . . . . . . . . . . . . . . 16
7.14. State Agents and Lists . . . . . . . . . . . . . . . . . . 16 7.14. State Agents and Lists . . . . . . . . . . . . . . . . . . 16
7.15. Behavior of a Proxy Server . . . . . . . . . . . . . . . . 17 7.15. Behavior of a Proxy Server . . . . . . . . . . . . . . . . 16
8. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 8. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
8.1. Encrypted Page Mode IM Message . . . . . . . . . . . . . . 17 8.1. Encrypted Page Mode IM Message . . . . . . . . . . . . . . 17
8.2. Setting and Retrieving UA Credentials . . . . . . . . . . 18 8.2. Setting and Retrieving UA Credentials . . . . . . . . . . 18
9. Security Considerations . . . . . . . . . . . . . . . . . . . 18 9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
9.1. Certificate Revocation . . . . . . . . . . . . . . . . . . 21 9.1. Certificate Revocation . . . . . . . . . . . . . . . . . . 21
9.2. Certificate Replacement . . . . . . . . . . . . . . . . . 21 9.2. Certificate Replacement . . . . . . . . . . . . . . . . . 21
9.3. Trusting the Identity of a Certificate . . . . . . . . . . 21 9.3. Trusting the Identity of a Certificate . . . . . . . . . . 21
9.4. SACRED Framework . . . . . . . . . . . . . . . . . . . . . 22 9.4. SACRED Framework . . . . . . . . . . . . . . . . . . . . . 22
9.5. Crypto Profiles . . . . . . . . . . . . . . . . . . . . . 23 9.5. Crypto Profiles . . . . . . . . . . . . . . . . . . . . . 23
9.6. User Certificate Generation . . . . . . . . . . . . . . . 23 9.6. User Certificate Generation . . . . . . . . . . . . . . . 23
9.7. Compromised Authentication Service . . . . . . . . . . . . 23 9.7. Compromised Authentication Service . . . . . . . . . . . . 23
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
10.1. Certificate Event Package . . . . . . . . . . . . . . . . 24 10.1. Certificate Event Package . . . . . . . . . . . . . . . . 24
10.2. Credential Event Package . . . . . . . . . . . . . . . . . 24 10.2. Credential Event Package . . . . . . . . . . . . . . . . . 24
10.3. PKCS#8 . . . . . . . . . . . . . . . . . . . . . . . . . . 25 10.3. PKCS#8 . . . . . . . . . . . . . . . . . . . . . . . . . . 25
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 26 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 26
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
12.1. Normative References . . . . . . . . . . . . . . . . . . . 27 12.1. Normative References . . . . . . . . . . . . . . . . . . . 27
12.2. Informational References . . . . . . . . . . . . . . . . . 28 12.2. Informational References . . . . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 29
Intellectual Property and Copyright Statements . . . . . . . . . . 30 Intellectual Property and Copyright Statements . . . . . . . . . . 30
1. Introduction 1. Introduction
SIP [RFC3261] provides a mechanism [RFC3853] for end-to-end SIP [RFC3261] provides a mechanism [RFC3853] for end-to-end
encryption and integrity using S/MIME [RFC3851]. Several security encryption and integrity using S/MIME [RFC3851]. Several security
properties of SIP depend on S/MIME, and yet it has not been widely properties of SIP depend on S/MIME, and yet it has not been widely
deployed. One reason is the complexity of providing a reasonable deployed. One reason is the complexity of providing a reasonable
certificate distribution infrastructure. This specification proposes certificate distribution infrastructure. This specification proposes
a way to address discovery, retrieval, and management of certificates a way to address discovery, retrieval, and management of certificates
skipping to change at page 12, line 33 skipping to change at page 12, line 33
subscription to this event type is permitted per resource. subscription to this event type is permitted per resource.
6.11. Rate of Notifications 6.11. Rate of Notifications
Notifiers SHOULD NOT generate NOTIFY requests more frequently than Notifiers SHOULD NOT generate NOTIFY requests more frequently than
once per minute. once per minute.
6.12. State Agents and Lists 6.12. State Agents and Lists
The certificate server described in this section which serves The certificate server described in this section which serves
certificates is a state agent and implementations of the certificates is a state agent and implementations of the certificate
certificate server MUST be implemented as a state agent. server MUST be implemented as a state agent.
Implementers MUST NOT use the event list extension [RFC4662] with Implementers MUST NOT use the event list extension [RFC4662] with
this event type. It is not possible to make such an approach work, this event type. It is not possible to make such an approach work,
because the Authentication service would have to simultaneously because the Authentication service would have to simultaneously
assert several different identities. assert several different identities.
6.13. Behavior of a Proxy Server 6.13. Behavior of a Proxy Server
There are no additional requirements on a SIP Proxy, other than to There are no additional requirements on a SIP Proxy, other than to
transparently forward the SUBSCRIBE and NOTIFY requests as required transparently forward the SUBSCRIBE and NOTIFY requests as required
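Review bot: the only edit in 6.12 is a line re-wrap, and since the paragraph is being touched anyway the opening sentence should lose its redundancy: "The certificate server described in this section which serves certificates is a state agent and implementations of the certificate server MUST be implemented as a state agent" says "certificate server" and "serves certificates" twice and "state agent" twice; "The certificate server described in this section is a state agent, and implementations MUST behave as one" carries the same normative content. Separately, 6.11 bounds NOTIFY generation to once per minute but does not say what the notifier does with certificate changes that occur inside that window; a sentence stating that intervening changes are coalesced into the next NOTIFY (or that only the latest state is sent) would remove the ambiguity for implementers.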
skipping to change at page 29, line 4 skipping to change at page 29, line 16
Cullen Jennings Cullen Jennings
Cisco Systems Cisco Systems
170 West Tasman Drive 170 West Tasman Drive
MS: SJC-21/2 MS: SJC-21/2
San Jose, CA 95134 San Jose, CA 95134
USA USA
Phone: +1 408 421-9990 Phone: +1 408 421-9990
Email: fluffy@cisco.com Email: fluffy@cisco.com
Jon Peterson
NeuStar, Inc.
1800 Sutter St
Suite 570
Concord, CA 94520
US
Phone: +1 925/363-8720
Email: jon.peterson@neustar.biz
URI: http://www.neustar.biz/
Jason Fischl (editor) Jason Fischl (editor)
CounterPath Solutions, Inc. CounterPath Corporation
Suite 300 Suite 300
One Bentall Centre One Bentall Centre
505 Burrard Street 505 Burrard Street
Vancouver, BC V7X 1M3 Vancouver, BC V7X 1M3
Canada Canada
Phone: +1 604 320-3344 Phone: +1 604 320-3344
Email: jason@counterpath.com Email: jason@counterpath.com
URI: http://www.counterpath.com URI: http://www.counterpath.com
Full Copyright Statement Intellectual Property Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
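Review bot: J. Peterson's entry is removed from Authors' Addresses here, matching his removal from the front-page author block, but the diff contains no change block in Section 11 (Acknowledgments): it skips from page 12 straight to page 29. If his contribution is not already credited in Section 11, a line should be added there. The replacement of the -05 "Full Copyright Statement" heading (which embedded the disclaimer) with an "Intellectual Property Statement" heading is the start of the trailer re-layout commented on at the end of the diff.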
skipping to change at page 30, line 45 skipping to change at page 30, line 29
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The IETF Trust (2008). This document is subject to the
rights, licenses and restrictions contained in BCP 78, and except as
set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is provided by the IETF Funding for the RFC Editor function is currently provided by the
Administrative Support Activity (IASA). Internet Society.
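Review bot: the -06 trailer uses the older boilerplate layout (separate "Intellectual Property Statement", "Disclaimer of Validity" and "Copyright Statement" sections, and funding credited to "the Internet Society"), while -05 had the newer combined form with the disclaimer under the copyright statement and funding credited to the IETF Administrative Support Activity (IASA). That pattern looks like the draft was regenerated with an older xml2rfc rather than a deliberate edit; confirm the trailer matches what the current tool emits before this revision is submitted, since the boilerplate text is checked at submission time.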
 End of changes. 12 change blocks. 
40 lines changed or deleted 28 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/