[VOIPSEC] Why a secure key exchange for media encryption?
Dan Wing
dwing at cisco.com
Fri Apr 28 14:17:09 CDT 2006
Gupta, Sachin wrote:
> Even with PKI, how do you do the key exchange with the other end? As I
> mentioned before, the location of the one end is not known to the other end.
> In most of the cases it will only be known to some Registrar (or some
> other SIP entity). So PKI can not be used between 2 end points in this
> situation (which will mostly be the case).
If you're calling sip:dwing at cisco.com, you expect the Invite to go to
dwing at cisco.com and you expect the answer to come from dwing at cisco.com.
You don't need to know "where", or with which SIP registrar, that AOR is
registered at the moment. Just like with PGP mail or S/MIME, you
can encrypt the message for the intended recipient. This is what a
bunch of the various MIKEY modes do, and this is also what SIP's own
S/MIME does.
This could work pretty well until retargeting or forking is involved.
Retargeting is when I forward to someone else (let's say, my friend's
SIP connection when I'm visiting); forking is when my answering system
and my SIP phone both answer the call. Forking can be handled well if
you're willing to share private keys with all the parties of the fork
(that is, the same private key is stored within your answering system
and your SIP phone).
And I say "could work pretty well" because there does not yet exist a
standard mechanism to obtain someone else's public key.
-d
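The mechanism Dan describes (wrap the media key for the callee's public key, as MIKEY's public-key modes and SIP S/MIME do) and the forking caveat (only holders of the matching private key can recover it) can be shown with a small model. This is an added example, not code from the post or from any MIKEY/SIP implementation; the endpoint names, the 128-bit SRTP master key size, the OAEP label and the use of RSA-OAEP as the wrapping primitive are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// Endpoint models one SIP user agent (UA) reachable under an AOR. Two Endpoint
// values sharing the same *rsa.PrivateKey model the "same private key stored in
// your answering system and your SIP phone" case from the post.
type Endpoint struct {
	Name string
	Key  *rsa.PrivateKey
}

// NewEndpoint creates a UA with its own fresh key pair (constructed for the example).
func NewEndpoint(name string) (*Endpoint, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Endpoint{Name: name, Key: k}, nil
}

// oaepLabel binds the ciphertext to its purpose; a constructed value, not a standard one.
var oaepLabel = []byte("srtp-master-key")

// OfferMediaKey is the caller side: generate a random 128-bit SRTP master key and
// wrap it for the callee's public key with RSA-OAEP, so only a holder of the matching
// private key can recover it. The wrapped blob is what would ride in the INVITE.
// The plaintext key is returned too so the caller can keep it for its own SRTP context.
func OfferMediaKey(calleePub *rsa.PublicKey) (master, wrapped []byte, err error) {
	master = make([]byte, 16)
	if _, err = rand.Read(master); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, calleePub, master, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return master, wrapped, nil
}

// AcceptMediaKey is the answerer side: unwrap the blob with this endpoint's private key.
// It fails for any endpoint whose key does not match the one the caller encrypted for.
func (e *Endpoint) AcceptMediaKey(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, e.Key, wrapped, oaepLabel)
}

// DeliverToForks models a forking proxy handing the same INVITE to every registered
// contact. It reports, per endpoint, whether that endpoint recovered the caller's key.
func DeliverToForks(wrapped, master []byte, forks []*Endpoint) map[string]bool {
	out := make(map[string]bool, len(forks))
	for _, f := range forks {
		got, err := f.AcceptMediaKey(wrapped)
		out[f.Name] = err == nil && bytes.Equal(got, master)
	}
	return out
}

func main() {
	phone, err := NewEndpoint("alice-phone")
	if err != nil {
		log.Fatal(err)
	}
	// Answering system provisioned with the same private key as the phone (the fork case).
	voicemail := &Endpoint{Name: "alice-voicemail", Key: phone.Key}
	// Retarget: the call is forwarded to a friend's phone that holds its own key.
	friend, err := NewEndpoint("friend-phone")
	if err != nil {
		log.Fatal(err)
	}

	master, wrapped, err := OfferMediaKey(&phone.Key.PublicKey)
	if err != nil {
		log.Fatal(err)
	}
	for name, ok := range DeliverToForks(wrapped, master, []*Endpoint{phone, voicemail, friend}) {
		fmt.Printf("%-16s recovered media key: %v\n", name, ok)
	}
}
```

The phone and the voicemail system both recover the key because they hold the same private key; the retarget destination does not, which is exactly why the post says the scheme only "could work pretty well" once retargeting is involved. Note also that nothing in the model tells the caller where to get `phone.Key.PublicKey` from in the first place, the gap the last paragraph points at.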