[Rum] Configuration file

Brian Rosen <br@brianrosen.net> Tue, 20 October 2020 19:16 UTC

From: Brian Rosen <br@brianrosen.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Message-Id: <B8C4519D-60F7-4AA0-BE5F-2494578656DB@brianrosen.net>
Date: Tue, 20 Oct 2020 15:15:43 -0400
To: rum@ietf.org
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/SIKO44ecVRZ1hGS3siMqWkuA1IY>
Subject: [Rum] Configuration file
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2020 19:16:18 -0000

This is still an open item and distinct from the “signed code” issue we’ve been discussing.

The current text describes a single file that can have multiple sets of provider configuration data.  This caters to the common case of a user having more than one provider account.  The problem with the text is it has plaintext username/passwords, which is clearly wrong.

I see two solutions: require the local implementation to maintain a password (or other multi-factor authentication), and encrypt the file so that the user needs to authenticate to access the file.  Paul is worried that the login data may be needed more frequently than is reasonable to enter the authentication data locally.

The other is to maintain separate files in provider systems, with a common authentication mechanism in each provider to access the file.

I think Paul’s argument doesn’t really hold much water: no SIP device I know of requires re-authentication that requires user interaction very often, so whatever they do now is okay.  I think they just keep the data locally, secure enough to re-use when they need to.  So unlock once, good for a very long time.

I’m reluctant to require all providers to use the new OAuth2 solution, but if they were okay with it, that would be excellent.  We would need some notion of common username, but otherwise it would just work.  Seems way too different from how things work now.  Very attractive, secure, and user-friendly.


Brian
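The first of the two options above, a single multi-provider file that the user unlocks once with a local passphrase, is concrete enough to show in code. The following is an added example for this archive page; it is not code from the RUM draft or from the message's author, and the RUM draft specifies neither a file format nor a cipher. It assumes a passphrase-derived key (PBKDF2-HMAC-SHA256, implemented here by hand from RFC 8018 and checked against the RFC 7914 known-answer vector) protecting the provider list with AES-256-GCM, with the salt and iteration count bound into the GCM tag so they cannot be lowered on disk. The names Vault, Seal and Open, the JSON shape of the provider list, and the 600,000-iteration figure (OWASP's current recommendation for this KDF) are all choices made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Vault is the on-disk form: Salt, Nonce and Iterations are public, only Ciphertext (AES-256-GCM, tag appended) is secret.
type Vault struct {
	Salt, Nonce, Ciphertext []byte
	Iterations              int
}

// pbkdf2SHA256 implements PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA256 as the PRF.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	mac := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen)
	for block := uint32(1); len(out) < keyLen; block++ {
		mac.Reset()
		mac.Write(salt)
		mac.Write(binary.BigEndian.AppendUint32(nil, block))
		u := mac.Sum(nil)              // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T_block = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < iterations; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil) // U_i = PRF(P, U_{i-1})
			subtle.XORBytes(t, t, u)
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// pbkdf2KnownAnswer checks the KDF against the RFC 7914 section 11 vector (P="passwd", S="salt", c=1), first 32 of 64 bytes.
func pbkdf2KnownAnswer() bool {
	want, _ := hex.DecodeString("55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc")
	return hmac.Equal(pbkdf2SHA256([]byte("passwd"), []byte("salt"), 1, 32), want)
}

// associatedData binds the public KDF parameters into the GCM tag, so editing them on disk is detected.
func associatedData(salt []byte, iterations int) []byte {
	return binary.BigEndian.AppendUint32(append([]byte(nil), salt...), uint32(iterations))
}

// aeadFor derives the 32-byte file key from the passphrase and wraps it in AES-GCM.
func aeadFor(passphrase string, salt []byte, iterations int) (cipher.AEAD, error) {
	if iterations < 1 || len(salt) < 16 {
		return nil, errors.New("refusing weak KDF parameters")
	}
	block, _ := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, iterations, 32)) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// Seal encrypts the plaintext configuration under the passphrase with a fresh salt and nonce.
func Seal(passphrase string, config []byte, iterations int) (*Vault, error) {
	rnd := make([]byte, 16+12) // 16-byte salt, 12-byte GCM nonce; a nonce is never reused under one key
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	v := &Vault{Salt: rnd[:16], Nonce: rnd[16:], Iterations: iterations}
	aead, err := aeadFor(passphrase, v.Salt, iterations)
	if err != nil {
		return nil, err
	}
	v.Ciphertext = aead.Seal(nil, v.Nonce, config, associatedData(v.Salt, iterations))
	return v, nil
}

// Open re-derives the key and decrypts; a wrong passphrase and a modified file yield the same opaque error.
func Open(passphrase string, v *Vault) ([]byte, error) {
	aead, err := aeadFor(passphrase, v.Salt, v.Iterations)
	if err != nil || len(v.Nonce) != aead.NonceSize() {
		return nil, errors.New("malformed vault")
	}
	config, err := aead.Open(nil, v.Nonce, v.Ciphertext, associatedData(v.Salt, v.Iterations))
	if err != nil {
		return nil, errors.New("wrong passphrase or file modified")
	}
	return config, nil
}

func main() {
	// Constructed sample: two provider accounts in one file, as the draft's text allows.
	cfg := []byte(`[{"name":"a","username":"alice","password":"s3cret-a"},{"name":"b","username":"alice2","password":"s3cret-b"}]`)
	vault, err := Seal("correct horse battery staple", cfg, 600_000) // 600k iterations is OWASP's current figure for PBKDF2-HMAC-SHA256
	if err != nil {
		panic(err)
	}
	back, err := Open("correct horse battery staple", vault) // unlock once at boot and keep the result in memory
	fmt.Printf("%s %v\n", back, err)
}
```

The expensive step is the key derivation, which runs once per unlock; a device that keeps the decrypted provider list (or the derived key) in memory after that never needs to prompt again until the next boot, which is the usage pattern the message argues is already normal for SIP devices. The iteration count lives in the file so it can be raised later without a format change, and because it is covered by the GCM tag, an attacker who edits it down to 1 gets a decryption failure rather than a cheaper brute-force target.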