Re: [Rum] RUM security model

Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 28 September 2020 19:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/ERi30dpu17bE9NovzS7yGCfhtyk>
List-Id: Relay User Machine <rum.ietf.org>

On 9/27/20 12:35 AM, Paul Kyzivat wrote:
> On 9/26/20 8:58 PM, Brian Rosen wrote:
>> I think we do want the spec to support multiple providers on one 
>> device/user.  I think that’s the point of having the file.  If it 
> >> wasn’t then the user could just use the password for the single 
>> provider directly and not need any other mechanism.
>>
>> ISTM that if the user has a password (and possibly a second factor 
>> like a USB security device), then it can securely unlock a local 
>> resource that contains the credentials.  They can be stored encrypted, 
>> where the decrypt requires the passwords at least initially.
>>
>> The simplest model is perhaps too simple: a local encrypted file 
>> containing sign-on credentials that is decrypted with the user 
>> entering a password.  That is one password per user regardless of how 
>> many providers they use.
> 
> Yes, I think it is too simple. The RUE needs access to those sign-on 
> credentials in situations where the user isn't present. For instance, 
> suppose it is restarted due to power failure. Then it must reregister 
> ASAP in order to be available to receive incoming calls. There are lots 
> of other cases as well.

I definitely am not up to speed on the state of the art in this area. I 
wonder if we can recruit an expert to help. Perhaps request a security 
review.

	Paul