SIP WG S. Lawrence Internet-Draft Bluesocket Inc. Updates: 3261 (if approved) V. Gurbani Intended status: Standards Track Bell Laboratories, Alcatel-Lucent Expires: January 12, 2009 July 11, 2008 Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) X.509 Certificates draft-ietf-sip-eku-02 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 12, 2009. Copyright Notice Copyright (C) The IETF Trust (2008). Abstract This memo documents an extended key usage (EKU) X.509 certificate extension for identifying the holder of a certificate as authoritative for a Session Initiation Protocol (SIP) service in the domain named by the DNS name in the certificate. Lawrence & Gurbani Expires January 12, 2009 [Page 1] Internet-Draft SIP EKU July 2008 Table of Contents 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Key Words . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Abstract syntax notation . . . . . . . . . . . . . . . . . 3 2. Problem statement . . . . . . . . . . . . . . . . . . . . . . 3 3. Restricting usage to SIP . . . . . . . . . . . . . . . . . . . 4 3.1. Extended Key Usage values for SIP domains . . . . . . . . 4 4. Using the SIP EKU in a certificate . . . . . . . . . . . . . . 5 5. Guidelines for a Certification Authority . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 9.2. Informative References . . . . . . . . . . . . . . . . . . 8 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . . . 10 Lawrence & Gurbani Expires January 12, 2009 [Page 2] Internet-Draft SIP EKU July 2008 1. Terminology 1.1. Key Words The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. 1.2. Abstract syntax notation All X.509 certificate X.509 [4] extensions are defined using ASN.1 X.680 [5], X.690 [6]. 2. Problem statement Consider the SIP [2] trapezoid shown in Figure 1. Proxy-A.example.com Proxy-B.example.net +-------+ +-------+ | Proxy |--------------------| Proxy | +----+--+ +---+---+ | | | | | | | +---+ 0---0 | | /-\ |___| +---+ / / +----+ alice@example.com bob@example.net Figure 1: SIP Trapezoid An user, alice@example.com, invites bob@example.net for a multimedia communication session. Her user agent routes the request to a proxy, in her domain. Assume also that example.com is a large organization that maintains several SIP proxies, and normal request forwarding rules cause her invitation to be sent to an outbound proxy, Proxy- A.example.com. This proxy uses RFC 3263 [7] resolution to discover that Proxy-B.example.net offers TLS support and can accept the request on behalf of the example.net domain. Proxy-A establishes a TLS connection to Proxy-B, each proxy presents a X.509 certificate to authenticate and protect the confidentiality of the connection. This is the basic mututal authentication model explored in depth in [8]. Lawrence & Gurbani Expires January 12, 2009 [Page 3] Internet-Draft SIP EKU July 2008 However, there arise certain cases where one SIP proxy needs to know whether it has reached an authoritative proxy in target SIP domain. For instance, billing transactions may be triggered when an authoritative SIP proxy in one domain sends messages to its equivalent in another domain. In Figure 1, Proxy-A.example.com performs certain DNS queries to arrive at Proxy-B.example.net. Because of the answers to the DNS queries, Proxy-A has a certain expectation that Proxy-B is a valid proxy in the example.net domain and is authorized to receive inbound requests targeted to that domain. The problem for Proxy-B is different: it accepts a connection from a specific host (Proxy-A.example.com) but what it needs to determine is whether or not that connection can be treated as coming authoritatively from a particular SIP domain. If Proxy-B receives a certificate tha only contains the identity "sip:Proxy-A.example.com", it is unable to make a determination that Proxy-A is authorized to act as a SIP outbound proxy for the example.com domain (note that example.com domain may use different inbound proxies, so SIP DNS resolution of "sip:example.com" may not lead to "Proxy- A.example.com".) Certificate usage in SIP cannot require that every outbound proxy for a domain also serve as its inbound proxy. Thus, there is a need for an extra attribute that allows an inbound proxy to know that its peer is an authorized proxy for that domain. This document discusses such an attribute as part of the X.509 certificate exchanged by the proxies when a TLS connection is first established. 3. Restricting usage to SIP This memo defines a certificate profile for binding a SIP domain name to an entity. A SIP domain name is frequently textually identical to the same DNS name used for other purposes. For example, the DNS name example.com may serve as a SIP domain name, an email domain name, and web service name. Since these different services within a single organization might be administered independently and hosted separately, it should be possible to create a certificate that binds the DNS name to its usage as a SIP domain name without creating the implication that the usage is also valid for some other purpose. RFC5280 [3] section 4.2.1.12 defines a mechanism for this purpose: an "Extended Key Usage" attribute. Certificates whose purpose is to bind a SIP domain identity without binding other non-SIP identities MUST include an id-kp-SIPdomain attribute. 3.1. Extended Key Usage values for SIP domains RFC 5280 [3] specifies the EKU X.509 certificate Extension for use in the Internet. The extension indicates one or more purposes for which Lawrence & Gurbani Expires January 12, 2009 [Page 4] Internet-Draft SIP EKU July 2008 the certified public key may be used. The EKU extension can be used in conjunction with the key usage extension, which indicates how the public key in the certificate may be used, in a more basic cryptographic way. The EKU extension syntax is repeated here for convenience: ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId KeyPurposeId ::= OBJECT IDENTIFIER This specification defines the KeyPurposeId id-kp-sipDomain. id-kp OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3 } id-kp-sipDomain OBJECT IDENTIFIER ::= { id-kp VALUE-TBD } Inclusion of this KeyPurposeId in a certificate indicates that any DNS subject names in the certificate are intended to identify the holder as authoritative for a SIP service in the domain named by the subjectAltName values. Whether or not to include this restriction is up to the certificate issuer, but if it is included, it SHOULD be marked as critical. This is so that implementations that understand this extension will honor it while those that do not are not impeded by its presence. See Section 4 for how the presence of an id-kp-sipDomain value affects the interpretation of the certificate. 4. Using the SIP EKU in a certificate Section 7.1 of [8] contains two steps for finding an identity (or a set of identities) in an X.509 certificate. In order to determine whether the SIP entity presenting the certificate is authoritative for its domain, implementations MUST perform the step given below first, and then proceed with the steps in Section 7.1 of [8]. The Extended Key Usage value(s), if any, MUST be examined to determine whether or not the certificate is valid for use in SIP (note that in the steps below, we assume that the certificate is otherwise valid following the checks in RFC5280 [3]): Lawrence & Gurbani Expires January 12, 2009 [Page 5] Internet-Draft SIP EKU July 2008 o If the certificate does not contain any EKU values (the Extended Key Usage extension does not exist), it is a matter of local policy whether or not to accept the certificate for use as a SIP certificate. o If the certificate contains the id-kp-sipDomain EKU extension, then the certificate MUST be acceptable as valid for use as a SIP certificate. o If the certificate does not contain the id-kp-sipDomain EKU value, but does contain the id-kp-anyExtendedKeyUsage EKU value, it is a matter of local policy whether or not to accept it for use as a SIP certificate. o If the certificate does not contain the id-kp-sipDomain EKU value, but does contain either the id-kp-serverAuth or id-kp-clientAuth EKU values, it is a matter of local policy whether or not to accept it for use as a SIP certificate. id-kp-serverAuth and id-kp-clientAuth EKU values are defined in Section 4.2.1.12 of RFC 5280 [3]. o If EKU extension exists but does not contain any of the id-kp- sipDomain, id-kp-anyExtendedKeyUsage, id-kp-serverAuth, or id-kp- clientAuth EKU values, then the certificate MUST NOT be considered acceptable as being authoritative for the domain portion of the SIP domain identities contained in the certificate. The term "SIP domain identity" is defined in RFC XXXX [8]. 5. Guidelines for a Certification Authority The procedures and practices employed by the certification authority MUST ensure that the correct values for the EKU extension and subjectAltName are inserted in each certificate that is issued. For certificates that indicate authority over a SIP domain, but not over services other than SIP, certificate authorities SHOULD include the id-kp-sipDomain EKU extension. 6. Security Considerations This memo defines an EKU X.509 certificate extension that enables the holder of a certificate to be authoritative for a SIP service belonging to an autonomous domain. Relying parties may execute applicable policies (such as those related to billing) on receiving a certificate with the id-kp-sipDomain EKU value. An id-kp-sipDomain Lawrence & Gurbani Expires January 12, 2009 [Page 6] Internet-Draft SIP EKU July 2008 EKU value does not introduce any new security or privacy concerns. At the very most, it simply allows the relying party to know that the holder of the certificate is authoritative for the SIP service in a certain domain. In the absence of the id-kp-sipDomain EKU value, this information can be collected over time by a peer in any case. 7. IANA Considerations The id-kp-sipDomain purpose requires an object idenitifier (OID). The objects are defined in an arc delegated by IANA to the PKIX working group. No further action is necessary by IANA. 8. Acknowledgments The following IETF contributors provided substantive input to this document: Jeroen van Bemmel, Michael Hammer, Cullen Jennings, Paul Kyzivat, Derek MacDonald, Dave Oran, Jon Peterson, Eric Rescorla, Jonathan Rosenberg, Russ Housley, and Stephen Kent. Sharon Boyen and Trevor Freeman reviewed the document and facilitated the discussion on id-kp-anyExtendedKeyUsage, id-kpServerAuth and id- kp-ClientAuth purposes in certificates. 9. References 9.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. [2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [3] Cooper, D., Santesson, S., Farrell, S., Boyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. [4] International International Telephone and Telegraph Consultative Committee, "Information Technology - Open Systems Interconnection - The Directory: Authentication Framework", CCITT Recommendation X.509, November 1988. [5] International International Telephone and Telegraph Consultative Lawrence & Gurbani Expires January 12, 2009 [Page 7] Internet-Draft SIP EKU July 2008 Committee, "Specification of Abstract Syntax Notation One (ASN.1): Specification of Basic Notation", CCITT Recommendation X.680, July 1994. [6] International Telecommunications Union, "Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690, 1994. [7] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol (SIP): Location SIP Servers", RFC 3263, June 2002. 9.2. Informative References [8] Gurbani, V., Lawrence, S., and A. Jeffrey, "Domain Certificates in the Session Initiation Protocol (SIP)", draft-ietf-sip-domain-certs-01.txt (work in progress), July 2008. Appendix A. ASN.1 Module SIPDomainCertExtn { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-sip-domain-extns2007(VALUE-TBD) } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- OID Arcs id-pe OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 } id-kp OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3 } id-aca OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 10 } -- Extended Key Usage Values id-kp-sipDomain OBJECT IDENTIFIER ::= { id-kp 20 } Lawrence & Gurbani Expires January 12, 2009 [Page 8] Internet-Draft SIP EKU July 2008 END Authors' Addresses Scott Lawrence Bluesocket Inc. 10 North Ave. Burlington, MA 01803 USA Phone: +1 781 229 0533 Email: slawrence@bluesocket.com Vijay K. Gurbani Bell Laboratories, Alcatel-Lucent 2701 Lucent Lane Room 9F-546 Lisle, IL 60532 USA Phone: +1 630 224-0216 Email: vkg@alcatel-lucent.com Lawrence & Gurbani Expires January 12, 2009 [Page 9] Internet-Draft SIP EKU July 2008 Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Lawrence & Gurbani Expires January 12, 2009 [Page 10]