Re: [http-auth] I-D Action: draft-morand-http-digest-2g-aka-03.txt
<lionel.morand@orange.com> Wed, 04 September 2013 14:03 UTC
Return-Path: <lionel.morand@orange.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C96F11E80EC for <http-auth@ietfa.amsl.com>; Wed, 4 Sep 2013 07:03:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.415
X-Spam-Level:
X-Spam-Status: No, score=-2.415 tagged_above=-999 required=5 tests=[AWL=0.183, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BAFaPhvlVyG for <http-auth@ietfa.amsl.com>; Wed, 4 Sep 2013 07:03:20 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) by ietfa.amsl.com (Postfix) with ESMTP id 0717C21F9EC8 for <http-auth@ietf.org>; Wed, 4 Sep 2013 07:03:20 -0700 (PDT)
Received: from omfedm05.si.francetelecom.fr (unknown [xx.xx.xx.1]) by omfedm12.si.francetelecom.fr (ESMTP service) with ESMTP id 9E83518C177; Wed, 4 Sep 2013 16:03:18 +0200 (CEST)
Received: from Exchangemail-eme1.itn.ftgroup (unknown [10.114.1.186]) by omfedm05.si.francetelecom.fr (ESMTP service) with ESMTP id 7F0AB35C0B7; Wed, 4 Sep 2013 16:03:18 +0200 (CEST)
Received: from PEXCVZYM13.corporate.adroot.infra.ftgroup ([fe80::cc7e:e40b:42ef:164e]) by PEXCVZYH01.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.02.0328.009; Wed, 4 Sep 2013 16:03:18 +0200
From: lionel.morand@orange.com
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [http-auth] I-D Action: draft-morand-http-digest-2g-aka-03.txt
Thread-Index: AQHOqO0x4VUH1Q04oE6/Sjwm6AIdUZm1isi2gAAGz0A=
Date: Wed, 04 Sep 2013 14:03:17 +0000
Message-ID: <23600_1378303398_52273DA6_23600_634_3_6B7134B31289DC4FAF731D844122B36E262232@PEXCVZYM13.corporate.adroot.infra.ftgroup>
References: <20130121181639.10474.27297.idtracker@ietfa.amsl.com> <5225E5BD.9040306@ieca.com> <D4896BEB-F6BA-4712-8345-96CA945020FC@checkpoint.com> <52265596.9090604@gmail.com> <22825_1378299137_52272D01_22825_6326_1_6B7134B31289DC4FAF731D844122B36E262094@PEXCVZYM13.corporate.adroot.infra.ftgroup> <52272E33.6000004@cs.tcd.ie>
In-Reply-To: <52272E33.6000004@cs.tcd.ie>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.197.38.3]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2013.8.27.90030
Cc: "<http-auth@ietf.org>" <http-auth@ietf.org>
Subject: Re: [http-auth] I-D Action: draft-morand-http-digest-2g-aka-03.txt
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2013 14:03:27 -0000
Hi Stephen, For the record, in mobile networks, Digest mechanism is first over SIP (IMS), then over HTTP (GBA - Generic Bootstrapping Architecture). When introduced, only 3G mobile subscribers (with 3G smartcards) were considered and Digest was enhanced to support the 3G AKA authentication method. Now, considering that a lot of mobile users will remain with their 2G SIM card for a while, GBA was enhanced to support 2G users by deriving 3G authentication vectors from 2G authentications vectors. The problem is that this derivation mechanism is not always supported and it makes difficult to use it. Defining a simple Digest 2G AKA mechanism would remove this need for derivation and make simpler he deployment of simcard based authentication. Some solutions have been developed based on the material available in and some other deployments would require such mechanism to enable simcard-based HTTP authentication over untrusted environment (e.g. free hotspots) to access mobile operator environment/services. This draft-ietf-http-digest-auth-a3a8-01 has expired and the author did not want to go on the publication effort. And I then proposed to publish it as informational RFC some times before all the discussions on the HTTP-bis or HTTP-Auth. So, in brief, I'm not aware of large deployment using this mechanism but there is a confirmed requirement for such mechanism. Regards, Lionel -----Message d'origine----- De : Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] Envoyé : mercredi 4 septembre 2013 14:57 À : MORAND Lionel IMT/OLN Cc : Yaron Sheffer; Yoav Nir; <http-auth@ietf.org> Objet : Re: [http-auth] I-D Action: draft-morand-http-digest-2g-aka-03.txt Hi Lionel, On 09/04/2013 01:52 PM, lionel.morand@orange.com wrote: > The idea is just to document within IETF the Digest 2G AKA mechanism, > as a companion of the RFC3310. Can you clarify if the draft describes some existing deployment or if its a new proposal? (I think it'd be great if the draft itself made that clear.) Thanks, S. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [http-auth] Fwd: I-D Action: draft-morand-http-di… Sean Turner
- Re: [http-auth] I-D Action: draft-morand-http-dig… Yoav Nir
- Re: [http-auth] I-D Action: draft-morand-http-dig… Yaron Sheffer
- Re: [http-auth] I-D Action: draft-morand-http-dig… lionel.morand
- Re: [http-auth] I-D Action: draft-morand-http-dig… Stephen Farrell
- Re: [http-auth] I-D Action: draft-morand-http-dig… Yaron Sheffer
- Re: [http-auth] I-D Action: draft-morand-http-dig… lionel.morand
- Re: [http-auth] I-D Action: draft-morand-http-dig… lionel.morand