Authenticated Identity Body

From Wikipedia, the free encyclopedia

Authenticated Identity Body (AIB) is a method that allows parties in a network to share an authenticated identity, thereby increasing the integrity of their SIP communications. AIBs extend other authentication methods such as S/MIME to provide a more specific mechanism for introducing integrity to SIP transmissions. Parties transmitting AIBs cryptographically sign a subset of SIP message headers, and these signatures assert the message originator's identity. To meet requirements of reference integrity (for example, in defending against replay attacks), additional SIP message headers such as 'Date' and 'Contact' may optionally be included in the AIB.
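The receiver-side check implied by the paragraph above, as an added example that is not taken from the article or from RFC 3893: once the AIB's signature has been verified (assumed here, not shown), each signed header is compared with the enclosing SIP message and the signed Date is tested for freshness. The sample messages, the names `parse_headers` and `check_aib`, the exact-match comparison and the 10-minute window are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data: an INVITE and the header fragment its AIB carries.
# Signature verification of AIB_FRAGMENT is assumed to have succeeded already.
SIP_REQUEST = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Contact: <sip:alice@pc33.example.com>\r\n"
    "Date: Thu, 21 Feb 2002 13:02:03 GMT\r\n\r\n"
)
AIB_FRAGMENT = (
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Contact: <sip:alice@pc33.example.com>\r\n"
    "Date: Thu, 21 Feb 2002 13:02:03 GMT\r\n"
)

HEADER = re.compile(r"([A-Za-z-]+)[ \t]*:[ \t]*(.*)")

def parse_headers(text):
    """Map lower-cased header name -> value; the start line never matches.
    Simplification: no folded lines, compact forms or repeated headers."""
    headers = {}
    for line in text.split("\r\n"):
        m = HEADER.fullmatch(line)
        if m:
            headers[m.group(1).lower()] = m.group(2).strip()
    return headers

def check_aib(request, fragment, now, max_age=timedelta(minutes=10)):
    """Return a list of problems; an empty list means the AIB matches."""
    outer, signed = parse_headers(request), parse_headers(fragment)
    # Every header the originator signed must appear unchanged in the message.
    problems = [f"mismatch: {name}" for name, value in signed.items()
                if outer.get(name) != value]
    # Without a signed Date, a captured AIB could be replayed indefinitely.
    if "date" not in signed:
        problems.append("no signed Date: replay window is unbounded")
    elif abs(now - parsedate_to_datetime(signed["date"])) > max_age:
        problems.append("stale Date: possible replay")
    return problems

if __name__ == "__main__":
    now = datetime(2002, 2, 21, 13, 2, 30, tzinfo=timezone.utc)
    print(check_aib(SIP_REQUEST, AIB_FRAGMENT, now))
```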

AIB is described and discussed in RFC 3893: "For reasons of end-to-end privacy, it may also be desirable to encrypt AIBs [...]. While encryption of AIBs entails that only the holder of a specific key can decrypt the body, that single key could be distributed throughout a network of hosts that exist under common policies. The security of the AIB is therefore predicated on the secure distribution of the key. However, for some networks (in which there are federations of trusted hosts under a common policy), the widespread distribution of a decryption key could be appropriate. Some telephone networks, for example, might require this model. When an AIB is encrypted, the AIB should be encrypted before it is signed... Unless, of course, it is signed by Mrs. L in Rin, VA."

See also