Minutes of the 2012-11-04 IAB Business Meeting
Atlanta, GA, USA
- Bernard Aboba (IAB Chair)
- Jari Arkko
- Mary Barnes (IAB Executive Director)
- Marc Blanchet
- Ross Callon
- Alissa Cooper
- Spencer Dawkins
- Lars Eggert (IRTF Chair)
- Mat Ford (ISOC Liaison)
- Heather Flanagan (RFC Editor Liaison)
- Russ Housley (IETF Chair)
- Joel Halpern
- David Kessens
- Danny McPherson
- Cindy Morgan (IAB Executive Assistant)
- Jon Peterson
- Robert Sparks (IESG Liaison)
- Dave Thaler
- Hannes Tschofenig
- Sally Wentworth, ISOC
David Kessens agreed to work with Alissa Cooper to interview IAOC candidates.
3. Challenges in Secure Origin Authentication
Sally Wentworth provided a high-level summary of current WCIT proposals.
Hannes Tschofenig presented slides outlining the challenges in secure origin authentication in Voice Over IP.
Fundamental issue is no agreement on origin identifiers because there is no universal "VoIP" - Unlike the PSTN, where signaling is a single system, there is no universal VoIP - No central services to which one needs to connect to deliver calls - P2P possible with direct domain names or IP addresses (and WebRTC is going to blow this all wide open) Examples of different origin identifiers such as: - Skype - Facebook - jabber - gtalk - Vibe - Whatsapp - SIP - proprietary VoIP - OTT No method of securely ensuring the integrity - Text-based protocols that can be easily modified - No common encryption / digital signature model that works across all VoIP systems Types of identities - Email-style URIs - E.164 numbers (subject to MiTM attack in RFC 4244) SIP-specific challenges: - 'From' header can be easily forged - Headers can be stripped/removed by middleboxes (SBCs, B2BUAs, routers, firewalls) - No integrity protection - RFC 4474 tried but failed in actual deployment - Other attempts at identifiers but none universally recognized (ex. P-Asserted-Identity, various private billing identifiers) and all having various challenges - INSIPID working group working on identifier, but not done, will take years to be deployed and will only address SIP portion of the space (and also not clear that it can be secured). Identity in WebRTC - DTLS/SRTP identity support (IdP, PKI, etc.) - Linkage between SIP/XMPP identity and media identity - Compatibility with legacy use cases (E.164 numbers, SIM/AKA authentication, etc.)
Hannes Tschofenig asked whether the IAB could do any work on this topic to help explain the issue at WCIT. After discussion, the board agreed that such a message would be better delivered by ISOC. Sally Wentworth agreed to send the proposals ISOC would like feedback on most to the IAB; Bernard Aboba, Alissa Cooper, Danny McPherson, Jon Peterson and Hannes Tschofenig agreed to draft feedback on those proposals once received.