Organizations

a portal for promoting internet and telecom
standardization knowledge

IETF topics

RFC index

site map

about tech-invite

home

# # #

Standardization work

# #

IETF topics

# SIP #

# #

3GPP topics

# #

# # #

# # # #

# #

# # #

ETSI topics

SIP Authentification Service as per RFC 4474

RFC 4474 defines a mechanism for securely identifying originators of SIP requests, especially in an interdomain context. The authentication service authenticates Alice and validates that she is authorized to assert the identity that is populated in the From header field. It then computes a hash over some particular headers, including the From header field and the bodies in the message. This hash is signed with the private key for the domain and inserted in a new header field in the SIP message, the 'Identity' header.

The proxy, as the holder of the private key of its domain, is asserting that the originator of this request has been authenticated and that she is authorized to claim the identity (the SIP address-of-record) that appears in the From header field. The proxy also inserts a companion header field, Identity-Info, that tells Bob how to acquire its certificate, if he doesn't already have it.

When Bob's domain receives the request, it verifies the signature provided in the Identity header, and thus can validate that the domain indicated by the host portion of the AoR in the From header field authenticated the user, and permitted the user to assert that From header field value.