[kitten] SASL as authmode for HTTP and SIP
Rick van Rein <rick@openfortress.nl> Fri, 14 October 2022 17:20 UTC
Hello Kitten,

Attached are two specs that we defined to add SASL to HTTP and SIP, using the protocol specifics for each.

The HTTP-SASL spec is mature, and has been implemented for Apache (2x), Nginx and Firefox. Based on it, SIP-SASL is a new development. In both cases, there is a use case together with the Diameter relay for SASL, allowing Realm Crossover so anyone can authenticate anyone's home-grown identity.

The HTTP-SASL spec will hopefully be discussed in London. For both, I am also available for feedback in London. If no feedback follows, I will push for these in their respective protocol WGs.

Cheers,

Rick van Rein
InternetWide.org

----- 8< -------- 8< -------- 8< -------- 8< -------- 8< -----

A new version of I-D, draft-vanrein-httpauth-sasl-07.txt has been successfully submitted by Rick van Rein and posted to the IETF repository.

Name: draft-vanrein-httpauth-sasl
Revision: 07
Title: HTTP Authentication with SASL
Document date: 2022-10-14
Group: Individual Submission
Pages: 14
URL: https://www.ietf.org/archive/id/draft-vanrein-httpauth-sasl-07.txt
Status: https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/
Htmlized: https://datatracker.ietf.org/doc/html/draft-vanrein-httpauth-sasl
Diff: https://www.ietf.org/rfcdiff?url2=draft-vanrein-httpauth-sasl-07

Abstract:
Most application-level protocols standardise their authentication exchanges under the SASL framework. HTTP has taken another course, and often ends up replicating the work to allow individual mechanisms. This specification adopts full SASL authentication into HTTP.

----- 8< -------- 8< -------- 8< -------- 8< -------- 8< -----

A new version of I-D, draft-vanrein-sipauth-sasl-01.txt has been successfully submitted by Rick van Rein and posted to the IETF repository.

Name: draft-vanrein-sipauth-sasl
Revision: 01
Title: SASL Authentication for SIP
Document date: 2022-10-14
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-vanrein-sipauth-sasl-01.txt
Status: https://datatracker.ietf.org/doc/draft-vanrein-sipauth-sasl/
Htmlized: https://datatracker.ietf.org/doc/html/draft-vanrein-sipauth-sasl
Diff: https://www.ietf.org/rfcdiff?url2=draft-vanrein-sipauth-sasl-01

Abstract:
Many protocols benefit from "pluggable" authentication choice as a result of SASL authentication. In the Session Initiation Protocol, the independent branch of HTTP Authentication has been elected. Recent progress has been made in bringing SASL to HTTP, but SIP has its own special considerations and needs its own embedding to gain the flexibility of SASL.