Todd,

I think in view of participants P1 and P2 of a secure call, the security could imply the following:

If P1 calls P2:

R1 - P2 can verify that it is P1 who is calling. (RFC4474 plus many other proposals)
R2 - P1 can verify that it has reached P1. (RFC4916 +++)
R3 - P1 and P2 can communicate data using SRTP (encrypted).
R31 - Keys are hidden from all but P1 and P2. (TLS/Mikey SDES exposes keys to proxies)
R32 - Keys and relevant security parameters can be exchanged between P1 and P2. (Mikey / SDES)

You want to know if R31 and R32 can be used/changed mid call, that is the call starts with encryption and then a RE-INVITE is sent which would change the session to encrypted. This is possible. For example, to do it using SDES, your initial INVITE could be sent without any a=crypto line and SAVP profile, and then you could send another Re-INVITE with a=crypto.

You could also do best effort security, which is to put the a=crypto line in the SDP; however, encryption is used only if both the offer and answer have an a=crypto line in them, otherwise send/receive unencrypted media. Best effort security and other endpoint capability negotiation is being developed further and there are a couple of drafts on it out there.

Thanks
Arun

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, April 28, 2008 1:14 PM
To: [email protected]
Subject: Re: [Sip] Passing added call information in the SIP packet

Hi,

Yes, it (security) does mean a lot to a lot of different people. Thanks for all the responses. I am reading the different suggested RFCs & drafts. My question was more on how one UA can inform another UA that it wants to make changes to their session/dialog. In my case the security will be different, but I want to have one UA initiate the secure call (change to session/dialog), and the other UA to confirm. As stated I can use the X- header since both clients will be custom. Is there any other defined way that 2 UAs should have this conversation, is it only defined in the RFC3264?
(An offer/answer model with the session description protocol)

Thanks Again to everyone that made comments,
Todd

-----Original Message-----
From: Dean Willis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 23 April, 2008 11:24 PM
To: Binns, Todd D @ HENSCHEL
Cc: [email protected]
Subject: Re: [Sip] Passing added call information in the SIP packet

On Apr 23, 2008, at 12:29 PM, [EMAIL PROTECTED] wrote:

> Hi,
> I have been a user of SIP for a while, but never got into the
> need to extend it. I have tried to do extensive research to see
> if there are any drafts or RFCs that handle the requirements that I
> am requested to do. Here is the scenario that I am trying to fulfill.
>
> A UA (custom hardware/software) wants to place or change the call
> into a secure call. It notifies the other participant by an INVITE
> or NOTIFY and both UAs agree on the change and the details of the
> security. There are several different methods of securing the call,
> and that would be included in the parameters passed between the UAs.
> If this is not possible is there a way to embed the parameters into
> the header of the INVITE or NOTIFY so at least both UAs know of the
> request?
>

What do you mean, "secured call"? This term means many different things to even more different people.

You might look at:

http://www.ietf.org/internet-drafts/draft-ietf-sip-sips-08.txt

which has completed working group last call and I'm about to send to the IESG, and at:

http://www.ietf.org/internet-drafts/draft-ietf-sip-media-security-requirements-04.txt

and

http://www.ietf.org/internet-drafts/draft-ietf-sip-dtls-srtp-framework-01.txt

which, if I recall aright, are currently in working group last call.

--
Dean

_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
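
Added example, not part of any message in this thread: the best-effort rule from Arun's reply, applied in Python to an SDES offer/answer pair, with the extra check that the answer's a=crypto line reuses a tag and crypto-suite from the offer, as RFC 4568 requires. The SDP bodies and keys are constructed, RTP/AVP carrying a=crypto is assumed for the best-effort case, and the names negotiate, crypto_lines, key_ok and require_srtp are hypothetical.

```python
import base64
import re

# a=crypto:<tag> <crypto-suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")
KEY_SALT_LEN = 30  # 16-byte key + 14-byte salt for the AES_CM_128_* suites

def key_ok(b64):
    try:
        return len(base64.b64decode(b64, validate=True)) == KEY_SALT_LEN
    except ValueError:  # bad padding or alphabet
        return False

def crypto_lines(sdp):
    """One {tag: suite} dict per m= section; malformed a=crypto lines are dropped."""
    sections = []
    for line in sdp.strip().splitlines():
        line = line.strip()
        m = CRYPTO_RE.match(line)
        if line.startswith("m="):
            sections.append({})
        elif m and sections and key_ok(m.group(3)):
            sections[-1][int(m.group(1))] = m.group(2)
    return sections

def negotiate(offer, answer, require_srtp=False):
    """Per media stream: 'srtp', 'rtp' (plaintext) or 'reject'."""
    out = []
    for off, ans in zip(crypto_lines(offer), crypto_lines(answer)):
        if len(ans) == 1 and set(ans.items()) <= set(off.items()):
            out.append("srtp")    # answer chose exactly one offered tag + suite
        elif ans:
            out.append("reject")  # answer's a=crypto matches nothing in the offer
        else:                     # no a=crypto came back: best effort means plaintext
            out.append("reject" if require_srtp else "rtp")
    return out

def key(seed):  # constructed key material for the samples, not a real key
    return base64.b64encode(bytes([seed] * KEY_SALT_LEN)).decode()

# Constructed SDP bodies, trimmed to the media section.
M = "m=audio 49170 RTP/AVP 0\n"
OFFER = M + f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{key(1)}\n" \
          + f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{key(2)}\n"
ANSWER_SRTP = M + f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{key(3)}\n"
ANSWER_PLAIN = M
ANSWER_BAD = M + f"a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:{key(4)}\n"

if __name__ == "__main__":
    for name in ("ANSWER_SRTP", "ANSWER_PLAIN", "ANSWER_BAD"):
        print(name, negotiate(OFFER, globals()[name]))
```

With require_srtp=True an answer that comes back without a=crypto is rejected instead of being accepted as plaintext, so a caller that must not send unencrypted media can tell the two outcomes apart.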
