Re: [rtcweb] Exchange of trusted identities in server-based conferencing (Re: Use case change request: Identity in multiuser calls)
Randell Jesup <randell-ietf@jesup.org> Fri, 12 August 2011 17:27 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0477021F84F6 for <rtcweb@ietfa.amsl.com>; Fri, 12 Aug 2011 10:27:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.481
X-Spam-Level:
X-Spam-Status: No, score=-2.481 tagged_above=-999 required=5 tests=[AWL=0.118, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fNnXi2pVBjjW for <rtcweb@ietfa.amsl.com>; Fri, 12 Aug 2011 10:27:19 -0700 (PDT)
Received: from arthur.webserversystems.com (arthur.webserversystems.com [174.132.191.98]) by ietfa.amsl.com (Postfix) with ESMTP id CA95A21F84F3 for <rtcweb@ietf.org>; Fri, 12 Aug 2011 10:27:17 -0700 (PDT)
Received: from pool-98-111-140-38.phlapa.fios.verizon.net ([98.111.140.38] helo=[192.168.1.12]) by arthur.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1QrvWV-0008FZ-2E for rtcweb@ietf.org; Fri, 12 Aug 2011 12:27:55 -0500
Message-ID: <4E456228.4010202@jesup.org>
Date: Fri, 12 Aug 2011 13:26:00 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CA69AF47.1CBB0%henry.sinnreich@gmail.com> <4E445F49.6080705@alcatel-lucent.com> <4E449E6B.8020205@alum.mit.edu> <4E450F00.9090908@alvestrand.no> <4E453626.50607@alcatel-lucent.com>
In-Reply-To: <4E453626.50607@alcatel-lucent.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - arthur.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Exchange of trusted identities in server-based conferencing (Re: Use case change request: Identity in multiuser calls)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2011 17:27:20 -0000
On 8/12/2011 10:18 AM, Igor Faynberg wrote: > On 8/12/2011 7:31 AM, Harald Alvestrand wrote: >> ... >> The normal method of authentication for teleconferences today is that >> people prove they have the conference number (by calling in), and >> recognize each others' voices. >> ... > Is there not a conference code, too? In all (five or six of them that I > have used) there was one. This code is, effectively, a shared secret. > In the service we use, the conference host can create a new code for > each meeting. (One problem with relying on recognizing voices is > passive intruding: I can join your conference and never say a word.) IMHO that particular level/type of security is not something to be decided by rtcweb, that's up to the application and server to decide and handle. At most, I'd suggest an API that lets the application supply a shared secret (how it's obtained isn't our problem - from the user, from secure email, etc) to use in generating/validating the keys and/or identities. -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] Use case change request: Identity in mul… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- Re: [rtcweb] Use case change request: Identity in… Randell Jesup
- Re: [rtcweb] Use case change request: Identity in… Stefan Håkansson LK
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Stefan Håkansson LK
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Randell Jesup
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- [rtcweb] Exchange of trusted identities in server… Harald Alvestrand
- Re: [rtcweb] Exchange of trusted identities in se… Igor Faynberg
- Re: [rtcweb] Exchange of trusted identities in se… Paul Kyzivat
- Re: [rtcweb] Exchange of trusted identities in se… Alan Johnston
- Re: [rtcweb] Exchange of trusted identities in se… Randell Jesup