SIP WG                                                       S. Lawrence
Internet-Draft                                           Bluesocket                                     Nortel Networks, Inc.
Updates:  3261 (if approved)                                  V. Gurbani
Intended status:  Standards Track                             V. Gurbani
Expires:  April 9, 2009                Bell Laboratories, Alcatel-Lucent
Expires:  January 12, 2009                                 July 11,
                                                        October 06, 2008

  Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP)
                           X.509 Certificates

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on January 12, April 9, 2009.

Copyright Notice

   Copyright (C) The IETF Trust (2008).


   This memo documents an extended key usage (EKU) X.509 certificate
   extension for identifying the holder of a certificate as
   authoritative for a Session Initiation Protocol (SIP) service in the
   domain named by the DNS name in the certificate.

Table of Contents

   1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Key Words  . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.2.  Abstract syntax notation . . . . . . . . . . . . . . . . .  3
   2.  Problem statement  . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Restricting usage to SIP . . . . . . . . . . . . . . . . . . .  4
     3.1.  Extended Key Usage values for SIP domains  . . . . . . . .  4
   4.  Using the SIP EKU in a certificate . . . . . . . . . . . . . .  5
   5.  Guidelines  Implications for a Certification Authority . . . . . . . . . . .  6
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7  6
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . .  7  6
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     9.1.  Normative References . . . . . . . . . . . . . . . . . . .  7
     9.2.  Informative References . . . . . . . . . . . . . . . . . .  8  7
   Appendix A.  ASN.1 Module  . . . . . . . . . . . . . . . . . . . .  8
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  9  8
   Intellectual Property and Copyright Statements . . . . . . . . . . 10

1.  Terminology

1.1.  Key Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC 2119 [1].

1.2.  Abstract syntax notation

   All X.509 certificate X.509 [4] extensions are defined using ASN.1
   X.680 [5], X.690 [5],X.690 [6].

2.  Problem statement

   Consider the SIP RFC 3261 [2] trapezoid shown in Figure 1. 
        +-------+                    +-------+
        | Proxy |--------------------| Proxy |
        +----+--+                    +---+---+
             |                           |
             |                           |
             |                           |
             |                         +---+
           0---0                       |   |
            /-\                        |___|
           +---+                      /    /

                          Figure 1: SIP Trapezoid

   An user,, invites

   Assume that creates an INVITE for a multimedia
   communication session.  Her;
   her user agent routes the request to a proxy, some proxy in her domain.  Assume domain,  Suppose also that is a large organization
   that maintains several SIP proxies, and normal request forwarding
   rules cause her invitation to be sent to INVITE arrived at an
   outbound proxy, Proxy-  This proxy  In order to route the request
   onward, Proxy-A uses RFC 3263 [7] resolution to discover
   that offers TLS support and can accept the
   request on behalf of the finds that Proxy- is a valid proxy for domain.  Proxy-A establishes that uses TLS.  Proxy- requests a TLS connection to Proxy-B,, and
   in the TLS handshake each proxy presents a X.509 certificate to authenticate and protect the confidentiality of the that
   connection.  This
   is the basic mututal authentication model explored in depth in [8].

   However, there arise certain cases where one SIP proxy needs to know
   whether it has reached an authoritative proxy in target SIP domain.
   For instance, billing transactions may be triggered when an
   authoritative SIP proxy in one domain sends messages to its
   equivalent in another domain.  In Figure 1,
   performs certain DNS queries to arrive at
   Because  The validation of the answers to the DNS queries, Proxy-A has a certain
   expectation that Proxy-B is a valid these certificates by each proxy in the domain
   and is authorized to receive inbound requests targeted to that

   The problem for Proxy-B is different:  it accepts a connection from a
   specific host ( but what it needs to
   determine is whether or not that connection can be treated as coming
   authoritatively from a particular SIP domain.  If Proxy-B receives a
   certificate tha only contains the identity "",
   it is unable to make a determination that Proxy-A their peer is authorized to
   act as a SIP outbound proxy authoritative for the domain (note that domain may use different inbound proxies, so
   appropriate SIP DNS
   resolution of "" may not lead to "Proxy-".)  Certificate usage in SIP cannot require that every
   outbound proxy for a domain also serve as its inbound proxy.  Thus,
   there is a need for an extra attribute that allows an inbound proxy
   to know that its peer is an authorized proxy for that domain.  This
   document discusses such an attribute as part of the X.509 certificate
   exchanged by defined in Domain Certificates in the proxies when a TLS connection is first established.

3.  Restricting usage to SIP

   This memo defines a certificate profile for binding a SIP domain name
   to an entity.
   Session Initiation Protocol (SIP) [8].

   A SIP domain name is frequently textually identical to the same DNS
   name used for other purposes.  For example, the DNS name may
   can serve as a SIP domain name, an email domain name, and a web
   service name.  Since these different services within a single
   organization might be administered independently and hosted
   separately, it should be possible to create is desirable that a certificate that binds be able to bind the
   DNS name to its usage as a SIP domain name without creating the
   implication that the usage entity presenting the certificate is also valid
   authoritative for some other purpose.
   RFC5280  A mechanism is needed to allow
   the certificate issued to a proxy to be restricted such that the
   subject name(s) it contains are valid only for use in SIP.  In our
   example, Proxy-B possesses a certificate making it authoritative as a
   SIP server for the domain; furthermore, it has a policy
   that requires the client's SIP domain be authenticated through a
   similar certificate.  Proxy-A is authoritative as a SIP server for
   the domain; when Proxy-A makes a TLS connection to
   Proxy-B, the latter accepts the connection based on its policy.

3.  Restricting usage to SIP

   This memo defines a certificate profile for restricting the usage of
   a domain name binding to usage as a SIP domain name.  RFC 5280 [3] section
   Section defines a mechanism for this purpose:  an "Extended
   Key Usage" attribute.  Certificates (EKU) attribute, where the purpose of the EKU extension is
   described as:

      "If the extension is present, then the certificate MUST only be
      used for one of the purposes indicated.  If multiple purposes are
      indicated the application need not recognize all purposes
      indicated, as long as the intended purpose is present.
      Certificate using applications MAY require that the extended key
      usage extension be present and that a particular purpose be
      indicated in order for the certificate to be acceptable to that

   A certificate whose purpose is to bind a SIP domain identity without
   binding other non-SIP identities MUST include an id-kp-SIPdomain attribute.
   attribute in the Extended Key Usage extension value (see
   Section 3.1).

3.1.  Extended Key Usage values for SIP domains

   RFC 5280 [3] specifies the EKU X.509 certificate Extension for use in
   the Internet.  The extension indicates one or more purposes for which
   the certified public key may be used. is valid.  The EKU extension can be used in
   conjunction with the key usage extension, which indicates how the
   public key in the certificate may be used, in a more basic
   cryptographic way.

   The EKU extension syntax is repeated here for convenience:

         ExtKeyUsageSyntax  ::=  SEQUENCE SIZE (1..MAX) OF KeyPurposeId

         KeyPurposeId  ::=  OBJECT IDENTIFIER

   This specification defines the KeyPurposeId id-kp-sipDomain.
   Inclusion of this KeyPurposeId in a certificate indicates that the
   use of any Subject names in the certificate is restricted to use by a
   SIP service (along with any usages allowed by other EKU values).

         id-kp  OBJECT IDENTIFIER  ::=
            { iso(1) identified-organization(3) dod(6) internet(1)
              security(5) mechanisms(5) pkix(7) 3 }

         id-kp-sipDomain  OBJECT IDENTIFIER  ::=  { id-kp VALUE-TBD 20 }

   Inclusion of this KeyPurposeId in a certificate indicates that any
   DNS subject names in the certificate are intended to identify the
   holder as authoritative for a SIP service in the domain named by the
   subjectAltName values.  Whether or not to include this restriction is
   up to the certificate issuer, but if it is included, it SHOULD be
   marked as critical.

      This is so that implementations that understand this extension
      will honor it while those that do not are not impeded by its

   See Section 4 for how the presence of an id-kp-sipDomain value
   affects the interpretation of the certificate.

4.  Using the SIP EKU in a certificate

   Section 7.1 of Domain Certificates in the Session Initiation Protocol
   [8] contains two the steps for finding an identity (or a set of
   identities) in an X.509 certificate. certificate for SIP.  In order to determine
   whether the SIP entity presenting the usage of a certificate is authoritative
   for its domain, restricted, implementations
   MUST perform the step given below
   first, and then proceed with the steps in Section 7.1 as a part of [8]. the certificate

   The Extended Key Usage value(s), if any, MUST be examined to
   determine whether or not the certificate is valid for use in SIP
   (note that in the steps below, we assume that the certificate is
   otherwise valid following the checks in RFC5280 [3]): examined:

   o  If the certificate does not contain any EKU values (the Extended
      Key Usage extension does not exist), it is a matter of local
      policy whether or not to accept the certificate for use as a SIP

   o  If the certificate contains the id-kp-sipDomain EKU extension,
      then the certificate MUST be acceptable accepted as valid for use as a SIP

   o  If the certificate does not contain the id-kp-sipDomain EKU value,
      but does contain the id-kp-anyExtendedKeyUsage EKU value, it is a
      matter of local policy whether or not to accept it for use as a
      SIP certificate.

   o  If the certificate does not contain the id-kp-sipDomain EKU value,
      but does contain either the id-kp-serverAuth or id-kp-clientAuth
      EKU values, it is a matter of local policy whether or not to
      accept it for use as a SIP certificate.

         id-kp-serverAuth and id-kp-clientAuth EKU values are defined in
         Section of RFC 5280 [3].

   o  If EKU extension exists but does not contain any of the id-kp-
      sipDomain, id-kp-anyExtendedKeyUsage, id-kp-serverAuth, or id-kp-
      clientAuth EKU values, then the certificate MUST NOT be considered
      acceptable accepted
      as being authoritative valid for the domain portion of the use as a SIP domain identities contained in the certificate.

         The term "SIP domain identity" is defined in RFC XXXX [8].

5.  Guidelines  Implications for a Certification Authority

   The procedures and practices employed by the a certification authority
   MUST ensure that the correct values for the EKU extension and
   subjectAltName are inserted in each certificate that is issued.  For
   certificates that indicate authority over a SIP domain, but not over
   services other than SIP, certificate authorities SHOULD MUST include the
   id-kp-sipDomain id-
   kp-sipDomain EKU extension.

6.  Security Considerations

   This memo defines an EKU X.509 certificate extension that enables restricts
   holder the usage of a certificate to be authoritative for a SIP service belonging to an
   autonomous domain.  Relying parties may execute applicable policies
   (such as those related to billing) on receiving a certificate with
   the id-kp-sipDomain EKU value.  An id-kp-sipDomain EKU value does not
   introduce any new security or privacy concerns.
   At the very most, it simply allows the relying party to know that the
   holder of the certificate is authoritative for the SIP service in a
   certain domain.  In the absence of the id-kp-sipDomain EKU value,
   this information can be collected over time by a peer in any case.

7.  IANA Considerations

   The id-kp-sipDomain purpose requires an object idenitifier identifier (OID).  The
   objects are defined in an arc delegated by IANA to the PKIX working
   group.  No further action is necessary by IANA.

8.  Acknowledgments

   The following IETF contributors provided substantive input to this
   document:  Jeroen van Bemmel, Michael Hammer, Cullen Jennings, Paul
   Kyzivat, Derek MacDonald, Dave Oran, Jon Peterson, Eric Rescorla,
   Jonathan Rosenberg, Russ Housley, Paul Hoffman, and Stephen Kent.

   Sharon Boyen and Trevor Freeman reviewed the document and facilitated
   the discussion on id-kp-anyExtendedKeyUsage, id-kpServerAuth and id-
   kp-ClientAuth purposes in certificates.

9.  References

9.1.  Normative References

   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", RFC 2119, March 1997.

   [2]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
        Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
        Session Initiation Protocol", RFC 3261, June 2002.

   [3]  Cooper, D., Santesson, S., Farrell, S., Boyen, S., Housley, R.,
        and W. Polk, "Internet X.509 Public Key Infrastructure
        Certificate and Certificate Revocation List (CRL) Profile",
        RFC 5280, May 2008.

   [4]  International International Telephone and Telegraph Consultative
        Committee, "Information Technology - Open Systems
        Interconnection - The Directory: Authentication Framework",
        CCITT Recommendation X.509, November 1988.

   [5]  International International Telephone and Telegraph Consultative
        Committee, "Specification of Abstract Syntax Notation One
        (ASN.1): Specification of Basic Notation", CCITT Recommendation
        X.680, July 1994.

   [6]  International Telecommunications Union, "Information Technology
        - ASN.1 encoding rules: Specification of Basic Encoding Rules
        (BER), Canonical Encoding Rules (CER) and Distinguished Encoding
        Rules (DER)", ITU-T Recommendation X.690, 1994.

   [7]  Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
        (SIP): Location SIP Servers", RFC 3263, June 2002.

9.2.  Informative References

   [8]  Gurbani, V., Lawrence, S., and A. Jeffrey, "Domain Certificates
        in the Session Initiation Protocol (SIP)",
        draft-ietf-sip-domain-certs-03.txt (work in progress),
        July 2008.

Appendix A.  ASN.1 Module

        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) id-mod(0)
          id-mod-sip-domain-extns2007(VALUE-TBD) }


      -- OID Arcs

      id-pe  OBJECT IDENTIFIER  ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) 1 }

      id-kp  OBJECT IDENTIFIER  ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) 3 }

      id-aca  OBJECT IDENTIFIER  ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) 10 }

      -- Extended Key Usage Values

      id-kp-sipDomain  OBJECT IDENTIFIER  ::=  { id-kp 20 }


Authors' Addresses

   Scott Lawrence
   Nortel Networks, Inc.
   10 North Ave.
   600 Technology Park
   Billerica, MA  01803  01821

   Phone:  +1 781 229 0533 978 248 5508
   Vijay K. Gurbani
   Bell Laboratories, Alcatel-Lucent
   1960 Lucent Lane
   Room 9F-546
   Lisle, 9C-533
   Naperville, IL  60532  60566

   Phone:  +1 630 224-0216

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at


   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).