IETF Logo Mail Archive

Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 24 September 2020 14:55 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 284AA3A0D75 for <rum@ietfa.amsl.com>; Thu, 24 Sep 2020 07:55:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXIS4hxPCsW7 for <rum@ietfa.amsl.com>; Thu, 24 Sep 2020 07:55:36 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2068.outbound.protection.outlook.com [40.107.236.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B06613A0D7B for <rum@ietf.org>; Thu, 24 Sep 2020 07:55:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fGSnPHOKcFvHrJdTUL/bfqBF++zkjHcwMhJ3AomMf/2RK3/wSVKHOAdOFDBfkMY8QKSIZ6HSvRl0L6bGeDVzoqKzWqr0dSCzGuqGwi8zyackGGVKZWqBPT1RGVMa96smzxtXsNKBb8ftwp1w5yShd8KJ67IWidDE0n1T33Gf0f1zZETL/RZyHOhFmqSW2M1/fnbYHpVxoik843a1vI15Ygag+alcnmtrtCk2tmZ2g1BZHtjmwISsZIVs/dkjSI4D+zV9zXtNvo7QpgKmRkbxupihbSrLbQruPwAySh5b9GgbDE3Bvi8uczKRV/l8igktNfW/Su04zpGRY6l8vueYvg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yGn6nYtYUmwSD1LqC9hnzs6UkiXNtZvS1kw/kB2IBVg=; b=HAfIBm3ZUwVhYMW0Vvt76jJe9WHLZgN67ZjCKgwYwWlKHGmBA1D2clPDvZQ83VslYjnelklLjAPbPd05A8ShUgbMUjsWL94FaTE9FenE3nSbJtWr7kU4b5ZvgO80J5DKGROoIx9EBY58HKiEujcwZ/bBSdzupFDresKzJOm23F1JWrzd7kXccslE26b5H16v6BVN2rgD+sAp9sFGxnXOmvN4HQTRV3SjfTBtx9+pDp4cCeqE8gD8rdM/oZjQUjTMCgKs1VP/8e5LY/UK35waA8C4xyOC89NTZn/JHPdoPQ8FcyKbtuDL69Hses1nf49lSkErPRHxh2quUujP1ZmNww==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yGn6nYtYUmwSD1LqC9hnzs6UkiXNtZvS1kw/kB2IBVg=; b=EhbHwWkg6IZPdvJJyOYdVmZIgGvpS1gy4mvT6wQWgCvs/qnbQ9r30jKNhucce9JVLd2tPTx/arLMJ2GXGHfJ+3ZUTYAbWgLlFwKB/NEk1lH0hU9myQp9L+rTTId/KsdREDBjKp70AhtjTFOu1NF6WtKAbXYvssthg+L0XDemXeU=
Received: from CY4PR03CA0008.namprd03.prod.outlook.com (2603:10b6:903:33::18) by BN6PR12MB1875.namprd12.prod.outlook.com (2603:10b6:404:103::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.22; Thu, 24 Sep 2020 14:55:27 +0000
Received: from CY1NAM02FT064.eop-nam02.prod.protection.outlook.com (2603:10b6:903:33:cafe::19) by CY4PR03CA0008.outlook.office365.com (2603:10b6:903:33::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.22 via Frontend Transport; Thu, 24 Sep 2020 14:55:27 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by CY1NAM02FT064.mail.protection.outlook.com (10.152.74.64) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21 via Frontend Transport; Thu, 24 Sep 2020 14:55:25 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 08OEtNoH007147 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <rum@ietf.org>; Thu, 24 Sep 2020 10:55:24 -0400
To: rum@ietf.org
References: <1600679072074.473@purple.us> <13bd7883-da42-9c48-5cfe-8eaac47c8886@alum.mit.edu> <1600930740003.80867@purple.us> <5E0F41A3-A096-40C1-B055-3D33F76E7D84@brianrosen.net>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <a7d60bed-26b9-fc82-7e0b-718c39051ad8@alum.mit.edu>
Date: Thu, 24 Sep 2020 10:55:22 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.2.2
MIME-Version: 1.0
In-Reply-To: <5E0F41A3-A096-40C1-B055-3D33F76E7D84@brianrosen.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 53bb5542-a73e-412e-5ae6-08d86099dee9
X-MS-TrafficTypeDiagnostic: BN6PR12MB1875:
X-Microsoft-Antispam-PRVS: <BN6PR12MB18757F6CB522ECEB19A1237FF9390@BN6PR12MB1875.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6790;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: nRm3qEvupqgWNhLBChuFR8p0lI+mWhbQh7LG7cylfDIqNK8HhpozSHgYSu/XmMl8sr/kSQ9LZ3kRL0bwoZDtnYW3ryLbyDNORvLEi8dAuwASS/2jAG5yh2hxGzx1OGNNXLiB6mmc8tQAbmA+k7w9/9nBTGFx+L7VzZlUz52rrWjM1AzIcvrpwFfpFlGYRNQdmwQy9LDt/N9ijTDguT72AAwvCNblibSLwKkcVLzbsawWolV2SkKLkLTdiCsB8vWHw4Qyr7Doa4lUaFVN+xmTJE36lJ1JrGoPkCBjP+fO4RUExiFQVr4ehQQRaeNUjs3c2Bz3WGKFCYpwwfONyw6cjEmG0v2pKxtrXcAfDDqg2AEBKJpLmFxv9rK9x5+6wNgyHEdb3/sUgySAUUEMKwgS8yqOQcrz0hT7AdVDnyGdW9fTDUnDJSajgHEVdSbndkKwOLLSsOVvjmgn7qOgEBpYJjvO5aKMPHp6s0KeZ3B7zaSjncUthnMJH1IxHAHmwJG+HY5JOfJX9Ryu5xtGctBc3icHaC5whr2tFrBZaiKjSjxa7OUjgBdErrvVEhJE6Iwy
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFS:(136003)(376002)(346002)(39860400002)(396003)(46966005)(70586007)(2906002)(966005)(186003)(53546011)(26005)(75432002)(356005)(82740400003)(31686004)(5660300002)(336012)(7596003)(86362001)(786003)(316002)(36906005)(2616005)(956004)(478600001)(83380400001)(6916009)(82310400003)(70206006)(47076004)(8676002)(31696002)(8936002)(43740500002); DIR:OUT; SFP:1101;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Sep 2020 14:55:25.6224 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 53bb5542-a73e-412e-5ae6-08d86099dee9
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: CY1NAM02FT064.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1875
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/Iq9WqWo-pSR-fzmap2Xv00tm2d4>
Subject: Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2020 14:55:38 -0000

On 9/24/20 9:39 AM, Brian Rosen wrote:
> Are there any solution proposals?
> 
> The solutions for this class of problem that I know about require a closed environment, where there is some trust (here between the environment creator and the providers), and there is some kind of signature on the code.  The environment refuses to execute code that is not signed, and checks the signature digest against the code digest.
> 
> We don’t have such an environment, so I am at a loss to suggest any solution.

+1. That has been the problem from the beginning.

So James, do you have an idea for how to solve this, or know someone who 
does?

	Thanks,
	Paul

>> On Sep 24, 2020, at 2:58 AM, James Hamlin <james.hamlin@purple.us> wrote:
>>
>> Hi Paul
>>
>> Agreed, the background to this is that VRS Providers wish to provide controlled, limited access to 3rd party applications so as to protect their services from bad actors and misbehaving Apps. And I don't think a solution had been fully agreed.
>>
>> Best regards
>>
>> James
>>
>>
>> James Hamlin
>> Contractor
>> Purple, a Division of ZP Better Together, LLC
>> purplevrs.com
>> The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.
>>
>> ________________________________________
>> From: Paul Kyzivat <pkyzivat@alum.mit.edu>
>> Sent: 21 September 2020 15:47
>> To: James Hamlin
>> Cc: rum@ietf.org
>> Subject: Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt
>>
>> James,
>>
>> Since you are the one VRS Provider person who regularly contributes
>> here, can I ask you to help a bit more?
>>
>> Back when we started this work with Henning several years ago a major
>> concern of the providers was to find a mechanism to easily and cheaply
>> restrict access to RUE implementations that have been tested/certified.
>> The goal as I understand it was to avoid subjecting the provider systems
>> to attacks. But to date we haven't identified a mechanism for doing this
>> that actually works. At the moment there is nothing in the draft for that.
>>
>> I have been arguing that web servers don't limit access to certified web
>> browsers and they manage to survive. But still I am willing to entertain
>> including a mechanism if we could find one that is workable.
>>
>> Would you be willing to work on this with us? In particular, to start,
>> identify the particular concerns and the level of effort that is/isn't
>> acceptable to identify and reject uncertified clients.
>>
>>         Thanks,
>>         Paul
>>
>> On 9/21/20 5:04 AM, James Hamlin wrote:
>>> Brian
>>>
>>>
>>> Thanks for the new draft.
>>>
>>>
>>> I think the final sentence in section 5.2.5. "Emergency Calls" is out of
>>> scope, as it tries to define the interface between the VRS provider and
>>> the PSAP. From the rest of the text, the purpose of the data exchange
>>> between RUE and VRS provider is already clear; the final sentence could
>>> be dropped without detracting from the description of the RUM interface.
>>> I propose dropping the text/: "Providers MUST implement Data Provider
>>> and Service Information blocks as the call is forwarded to the PSAP."./
>>>
>>>
>>> Best Regards
>>>
>>>
>>> James
>>>
>>>
>>> James Hamlin
>>> Contractor
>>> Purple, a Division of ZP Better Together, LLC
>>> purplevrs.com
>>>
>>> The information contained in this e-mail message is intended only for
>>> the personal and confidential use of the recipient(s) named above. If
>>> you have received this communication in error, please notify us
>>> immediately by e-mail, and delete the original message.
>>>
>>>
>>
>>
>> -- 
>> Rum mailing list
>> Rum@ietf.org
>> https://www.ietf.org/mailman/listinfo/rum
>

v2.23.0 | Report a Bug | By Email