Re: [rtcweb] IdP in RTCWeb
Igor Faynberg <igor.faynberg@alcatel-lucent.com> Fri, 23 March 2012 18:53 UTC
Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 583B821E804E for <rtcweb@ietfa.amsl.com>; Fri, 23 Mar 2012 11:53:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.275
X-Spam-Level:
X-Spam-Status: No, score=-9.275 tagged_above=-999 required=5 tests=[AWL=1.324, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o+1vWSnhHyDv for <rtcweb@ietfa.amsl.com>; Fri, 23 Mar 2012 11:53:37 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by ietfa.amsl.com (Postfix) with ESMTP id 7E3E421F861F for <rtcweb@ietf.org>; Fri, 23 Mar 2012 11:53:37 -0700 (PDT)
Received: from usnavsmail4.ndc.alcatel-lucent.com (usnavsmail4.ndc.alcatel-lucent.com [135.3.39.12]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id q2NIrYlT022356 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 23 Mar 2012 13:53:34 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail4.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q2NIrXO6003290 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 23 Mar 2012 13:53:34 -0500
Received: from [135.244.32.113] (faynberg.lra.lucent.com [135.244.32.113]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q2NIrWg5004679; Fri, 23 Mar 2012 13:53:32 -0500 (CDT)
Message-ID: <4F6CC6B6.7060903@alcatel-lucent.com>
Date: Fri, 23 Mar 2012 14:53:42 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Harald Alvestrand <harald@alvestrand.no>
References: <4F6B5FEE.9060706@alcatel-lucent.com> <CABcZeBPBac83KmE3we1nAV+eEusLrJbUij4DHmuCyDSkQ4fdVQ@mail.gmail.com> <4F6B6CD6.2070801@alcatel-lucent.com> <4F6C5D02.6010800@alvestrand.no>
In-Reply-To: <4F6C5D02.6010800@alvestrand.no>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.12
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] IdP in RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Mar 2012 18:53:41 -0000
Now I understand and agree that we cannot change their specification. But... do we need to use it? Igor On 3/23/2012 7:22 AM, Harald Alvestrand wrote: > On 03/22/2012 07:17 PM, Igor Faynberg wrote: >> Thanks! Now I understand. >> >> My only follow-up question (and that could probably wait until the >> next week) is why not make BrowserID certificate adhere to X.509. If >> we issue self-signed X.509 certificates ourselves, what is in the way >> of any IdP doing just that? > The BrowserID specification is the work item of a group that is > entirely outside of this group. > You can certainly go there (browserid.org) to argue that they should > change to X.509 certificates, but we can't decide in the RTCWEB WG > that they should change. > >> >> Igor >> >> On 3/22/2012 1:53 PM, Eric Rescorla wrote: >>> Good question. >>> >>> 1. BrowserID certificates aren't X.509, and that's all the TLS/DTLS >>> will do. >>> 2. This lets us be agnostic about IdP mechanisms without having to >>> change >>> TLS every time we add a new one. >>> >>> -Ekr >>> >>> >>> On Thu, Mar 22, 2012 at 6:22 PM, Igor Faynberg >>> <igor.faynberg@alcatel-lucent.com> wrote: >>>> Eric, >>>> >>>> A question: For the case of BrowserID, I understand that a client >>>> gets a >>>> certificate from an IdP. If so, why you and I would not use the >>>> certificates from our respective IdPs in order to authenticate each >>>> other >>>> in DTLS? >>>> >>>> Igor >>>> >>>> >>>> >> _______________________________________________ >> rtcweb mailing list >> rtcweb@ietf.org >> https://www.ietf.org/mailman/listinfo/rtcweb >> >
- [rtcweb] IdP in RTCWeb Igor Faynberg
- Re: [rtcweb] IdP in RTCWeb Eric Rescorla
- Re: [rtcweb] IdP in RTCWeb Igor Faynberg
- Re: [rtcweb] IdP in RTCWeb Harald Alvestrand
- Re: [rtcweb] IdP in RTCWeb Igor Faynberg
- Re: [rtcweb] IdP in RTCWeb Ralph Giles