[Rum] RUM security model
Paul Kyzivat <pkyzivat@alum.mit.edu> Sat, 26 September 2020 17:21 UTC
To: rum@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/QzMRrfvZuEV6aIBh-ABlHm1xo9k>

On 9/18/20 11:52 AM, Paul Kyzivat wrote:
> Brian,
>
> Thanks for reviving this and resolving some of the open issues. I hope
> we can soon identify and resolve remaining issues.
>
> I do think the password issue is going to be tricky to sort out. We
> should get a discussion going on it. I'm thinking that we may need a
> whole section discussing the security model.

Some brainstorming on this - half-baked thoughts:

1) In many cases a RUM device is an always-on device. It must possess credentials that allow it to remain authenticated to a registrar even when no user is present. (Not different from many SIP devices, but worth calling out.)

2) It is the user (owner?) of the RUM device that must first authenticate to a provider. This authentication then needs to be delegated to the RUM device to satisfy the requirements of (1).

3) There will be a need for the *user* to periodically reauthenticate. This may sometimes be time based, but may also be required when the device or server have been compromised, etc. This can be a problem if it occurs when the user isn't immediately available. In most cases the RUM device should still be allowed to remain registered for receipt of incoming calls until such time as a user is present to participate in reauthentication.

4) Credentials held by the RUM device in support of (1) and (2) must be secured. It should be impossible for an attacker to extract these credentials and reuse them in another device. (This is hard. We may not be able to fully achieve it in the spec. But we need to consider it.)

5) The security system for RUM devices must be compatible with RUM devices that support simultaneous registration to multiple VRS providers. However there is no requirement for a RUM device to support this feature. (It isn't clear to me if this requirement imposes any particular burden on the spec. I only bring it up to cover all the bases.)

Note: In the above I keep using the term "RUM device". I did this because I *think* RUE is a more generic term that encompasses both RUM compliant devices and non-compliant ones like existing proprietary VRS provider supplied user devices. I think it is too late to restrict the definition of RUE to being compliant to RUM, since it is used in the more generic sense in the provider profile. I'm content to keep using "RUM device" but I'm open to other suggestions. In any case, whatever we decide should go into the definitions.