Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
Martin Thomson <martin.thomson@gmail.com> Tue, 08 July 2014 21:47 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/47swn4OSxzsv2QI13gg6rdK-ogU
On 8 July 2014 14:33, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> BTW, the "compare" operation is potentially non-trivial in the case of
> internationalized identities. None of the specifications currently describe
> how the identities are to be normalized in preparation for the comparison,
> so I can imagine that some "fun" could be had there.

FWIW, the right hand side of identity is well defined:
http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-10#section-5.6.5.4.1

The LHS is completely open to confusable glyphs and all sorts of
horrors. I really want to avoid stringprep or whatever its current
incarnation looks like, that's probably unavoidable long term. For
now though, can we not pretend that the IdP knows what they are doing?
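
The comparison problem discussed in this message, as an added example that is not part of the original post or of the draft: it assumes identities of the form `lhs@rhs`, treats the RHS as a host name, and compares the LHS after NFC normalization with a mixed-script warning. All function names and the policy itself are hypothetical.

```javascript
// Added example. Function names and the comparison policy are assumptions,
// not rules taken from draft-ietf-rtcweb-security-arch.

// Split "lhs@rhs" at the last "@"; reject anything that is not that shape.
function splitIdentity(id) {
  const at = id.lastIndexOf('@');
  if (at <= 0 || at === id.length - 1) throw new Error('not lhs@rhs');
  return { lhs: id.slice(0, at), rhs: id.slice(at + 1) };
}

// RHS: treated as a host name. The URL parser lowercases it and converts
// U-labels to A-labels, so both spellings of one domain compare equal.
function canonicalDomain(rhs) {
  if (/[\/\\:?#\s]/.test(rhs)) throw new Error('RHS is not a bare host name');
  return new URL('http://' + rhs).hostname;
}

// LHS: which of a few common scripts appear. More than one is a warning sign.
// Single-script look-alikes are NOT caught; that needs a confusables table.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek'];
function scriptsUsed(s) {
  return SCRIPTS.filter((n) => new RegExp(`\\p{Script=${n}}`, 'u').test(s));
}

function compareIdentities(a, b) {
  const x = splitIdentity(a), y = splitIdentity(b);
  if (canonicalDomain(x.rhs) !== canonicalDomain(y.rhs)) return 'different';
  // NFC makes precomposed and combining-mark spellings identical.
  const lx = x.lhs.normalize('NFC'), ly = y.lhs.normalize('NFC');
  if (lx === ly) return 'equal';
  const mixed = [lx, ly].some((s) => scriptsUsed(s).length > 1);
  return mixed ? 'different-mixed-script' : 'different';
}

// Constructed sample identities (not from the thread).
const SAMPLES = [
  ['jose\u0301@example.com', 'jos\u00e9@EXAMPLE.com'],           // NFD vs NFC
  ['alice@b\u00fccher.example', 'alice@xn--bcher-kva.example'],  // U- vs A-label
  ['\u0430lice@example.com', 'alice@example.com'],               // Cyrillic "а"
];
for (const [a, b] of SAMPLES) {
  console.log(JSON.stringify(a), JSON.stringify(b), a === b, compareIdentities(a, b));
}
```

All three sample pairs are unequal under a plain `===`; only the third should remain unequal after normalization, and it is the one a user cannot tell apart by eye.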