S/MIME Certificates Cullen Jennings fluffy@cisco

S/MIME Certificates Cullen Jennings [email protected]

E2E SIP Security Requires S/MIME In order to use S/MIME you need to discover certificates for your peers This is not Somebody Else’s Problem – If there is no viable work to make certificates available in typical SIP deployments, we can’t base our security on it Strong, ubiquitous, identity is one of the best tools in dealing with SPAM

What the certs draft provides No extra work on the part of the human using a UA No extra expense for end user certificates Enterprise only need to run a web commerce style web server A revocation mechanism that works

Mechanism a.com b.com 2 Caller [email protected] 4 3 1 Callee [email protected] 1. Callee with address [email protected] publishes public certificate at b.com – Does with HTTPS PUT with Digest authentication 2. Caller wants to call [email protected] and gets the certificate from b.com – Done with HTTPS GET. 3. Caller encrypts stuff for Callee – Uses S/MIME in SIP 4. Callee fetches caller certificate (from a.com) to verify Caller certificate Uses HTTPS GET

Analysis 2 (HTTPS) Caller [email protected] 1. b.com 3 (S/MIME SIP) 1 (HTTPS Digest) Callee [email protected] Callee trusts it is talking to b.com because of the HTTPS certificate. B.com trusts it is bob because of the digest authentication. Transaction is privacy and integrity protected by HTTPS 2. Caller trusts that it is talking to b.com because of HTTPS certificate and trusts the certificate for [email protected] is really the right one for bob because it came from b.com 3. S/MIME is used to encrypt data for Bob using the public key from the certificate for [email protected]. A similar scheme can be done in reverse so the caller can sign

Relationship with Identity Identity provides a mechanism to leverage the domains certificate for asserting identity Certs leverages the domains certificate to provide encryption and signing The key thing in Identity is that it describes how to describe certain assertions and put them in messages. It’s not as worried about getting the crypto credentials to do this other than it needs them. The key thing in Certs is getting the crypto credentials for S/MIME.

Relationship to PKIX & Sacred This work uses the PKIX and SACRED frameworks and security Using SACRED to move private keys off the UA and onto the server could be done – Generally poor form to have private keys floating around – Will not work for FIPS compliant phones that need to keep the private key in tamper resistant hardware Certs has good security including revocation.

Next Steps - Pick one of below: Security folks agree this will work from a security point of view. The SIPish folks need to decide if it is deployable. 1. Move forward with this work Define transports, HTTP, XCAP, SIP, 2. Find an alternative way to use S/MIME Pursue some web of trust model? 3. Abandon S/MIME Find an alternative way to meet the needs. Kerberos?

Questions for the WG Can we deprecate S/MIME? Is it OK just saying every end user needs to buy a certificate and securely install it in all their devices? Do we have any other alternatives? What do we need to fix to move forward with this work?