IETF Logo Mail Archive

Re: [rtcweb] IdP in RTCWeb

Igor Faynberg <igor.faynberg@alcatel-lucent.com> Thu, 22 March 2012 18:18 UTC

Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B9D921F8597 for <rtcweb@ietfa.amsl.com>; Thu, 22 Mar 2012 11:18:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.546
X-Spam-Level:
X-Spam-Status: No, score=-7.546 tagged_above=-999 required=5 tests=[AWL=-0.947, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bar1WTlI1oCK for <rtcweb@ietfa.amsl.com>; Thu, 22 Mar 2012 11:18:02 -0700 (PDT)
Received: from ihemail4.lucent.com (ihemail4.lucent.com [135.245.0.39]) by ietfa.amsl.com (Postfix) with ESMTP id C6D7821F8596 for <rtcweb@ietf.org>; Thu, 22 Mar 2012 11:18:02 -0700 (PDT)
Received: from usnavsmail3.ndc.alcatel-lucent.com (usnavsmail3.ndc.alcatel-lucent.com [135.3.39.11]) by ihemail4.lucent.com (8.13.8/IER-o) with ESMTP id q2MIHx3r007932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 22 Mar 2012 13:18:00 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail3.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q2MIHxVg015555 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 22 Mar 2012 13:17:59 -0500
Received: from [135.222.232.245] (USMUYN0L055118.mh.lucent.com [135.222.232.245]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q2MIHxZv015165; Thu, 22 Mar 2012 13:17:59 -0500 (CDT)
Message-ID: <4F6B6CD6.2070801@alcatel-lucent.com>
Date: Thu, 22 Mar 2012 14:17:58 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
References: <4F6B5FEE.9060706@alcatel-lucent.com> <CABcZeBPBac83KmE3we1nAV+eEusLrJbUij4DHmuCyDSkQ4fdVQ@mail.gmail.com>
In-Reply-To: <CABcZeBPBac83KmE3we1nAV+eEusLrJbUij4DHmuCyDSkQ4fdVQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.39
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.11
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] IdP in RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2012 18:18:03 -0000

Thanks! Now I understand.

My only follow-up question (and that could probably wait until the next 
week) is why not make BrowserID certificate adhere to X.509.  If we 
issue self-signed X.509 certificates ourselves, what is in the way of 
any IdP doing just that?

Igor

On 3/22/2012 1:53 PM, Eric Rescorla wrote:
> Good question.
>
> 1. BrowserID certificates aren't X.509, and that's all the TLS/DTLS will do.
> 2. This lets us be agnostic about IdP mechanisms without having to change
> TLS every time we add a new one.
>
> -Ekr
>
>
> On Thu, Mar 22, 2012 at 6:22 PM, Igor Faynberg
> <igor.faynberg@alcatel-lucent.com>  wrote:
>> Eric,
>>
>> A question:  For the case of BrowserID, I understand that a client gets a
>> certificate from an IdP.   If so, why you and I would not use the
>> certificates from our respective IdPs in order to authenticate each other
>>   in DTLS?
>>
>> Igor
>>
>>
>>

v2.23.0 | Report a Bug | By Email