IETF Logo Mail Archive

Re: [Rum] Configuration file

Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 21 October 2020 16:39 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1EAB3A115D for <rum@ietfa.amsl.com>; Wed, 21 Oct 2020 09:39:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4Rf8p1Wg3Gk for <rum@ietfa.amsl.com>; Wed, 21 Oct 2020 09:39:38 -0700 (PDT)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680065.outbound.protection.outlook.com [40.107.68.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BCC83A0AF9 for <rum@ietf.org>; Wed, 21 Oct 2020 09:39:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SbjC7mXnNQcGGpCSp7mtMvH6DrPL8l5TlxZLhe9n6Gt6JqOqaCsFdIjRf3AJkZlEFAIGDY2c9fMlHN5wSRjyjPxOSQwPnrdO5k6bzaKAXV8HsAzrw8Oh8HS2Y06jVx7QDUpwiRpqM22tEClhTGVPdm45wJVHfDj0ihU01pWc9LEdWZCvcGCp/H3iFQO7AgyWeCfSLQdrD2dwIC2bY3eB3gxUnqP0JUO0YB4RomnqFfWk2X4KWd5SgMnndeTF42HY2ADbl/S38T08q+s/fqc8u2oLenw9cTHfQIsIDZ0PPPPnHo5QDtVs/erGZLLV81aLGmq5uPx89uR25eeajdtOOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wF7i/FqtZw7/hx6ixF4so03++frcMuQ06+rYdlnn3D4=; b=QQJ1s29EAMPv2n7ux+ah9p7NtEvJhq3yS86HUo1yliKc6nHfw4+EJjFcx4JEwq2SjRrLH44gV8mWTnQrRaVlVUGLXCnnKsUHEzJvVjjTMxfFSND+1qGw3FKYX+Ww6Eax0oHASEuzPf6gRMoxdaCElohbVe3FnGS/KJpQj2d4Z3v0eREhN/pVz+Yhd9Hqc4EJVJDyPRsEGJT9li0QXdq6DgMyvnzqd5VeeuWxLXwVi88nQGj+Y2vp6IueqmuKdw1r+APNQdfj8U3e5XrksCIb4yBaU6JTPIQ+toD5qi9gymETiEG5yf3vKn3GH6JKMXfk/6hgLEuqF7FHes+SCCEsow==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wF7i/FqtZw7/hx6ixF4so03++frcMuQ06+rYdlnn3D4=; b=YZhC8NuERCRunEpTEswqOgH70XMNdxCH0/I1Yq6B2t6KPdiznUueXEAzc78amdhqXLS3Ofr0EGFrxI3pyzTimbr0fjkxLSBZZWCmkhnA3g/YjqHgoOa0m5R9c/IIz+UidD481GqGottqt/uV2jBrrR+eVg8tLf55lCyrHJtu5z8=
Received: from SN4PR0501CA0038.namprd05.prod.outlook.com (2603:10b6:803:41::15) by BYAPR12MB2917.namprd12.prod.outlook.com (2603:10b6:a03:130::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Wed, 21 Oct 2020 16:39:30 +0000
Received: from SN1NAM02FT049.eop-nam02.prod.protection.outlook.com (2603:10b6:803:41:cafe::aa) by SN4PR0501CA0038.outlook.office365.com (2603:10b6:803:41::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.4 via Frontend Transport; Wed, 21 Oct 2020 16:39:30 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by SN1NAM02FT049.mail.protection.outlook.com (10.152.72.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend Transport; Wed, 21 Oct 2020 16:39:29 +0000
Received: from PaulKyzivatsMBP.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 09LGdRXH004029 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <rum@ietf.org>; Wed, 21 Oct 2020 12:39:28 -0400
To: rum@ietf.org
References: <B8C4519D-60F7-4AA0-BE5F-2494578656DB@brianrosen.net> <e353ef87-1814-87b8-8a5e-52f8e325c54e@alum.mit.edu> <AE3E626F-39F0-4549-8E8B-78F1B0B8BC9B@brianrosen.net>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <5e702e6f-b6d5-5f54-d453-d90249e2718d@alum.mit.edu>
Date: Wed, 21 Oct 2020 12:39:27 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.3.3
MIME-Version: 1.0
In-Reply-To: <AE3E626F-39F0-4549-8E8B-78F1B0B8BC9B@brianrosen.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: d8beba2a-c6fa-4a6b-d87d-08d875dfe1e2
X-MS-TrafficTypeDiagnostic: BYAPR12MB2917:
X-Microsoft-Antispam-PRVS: <BYAPR12MB2917A78F1922BE114CC9AA37F91C0@BYAPR12MB2917.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: m/Ou5hCkxZ4gh50thbee9210PD94GQ2vIlYqbU/J/brl/GqVcO97MVuaIbdy4Serkha4RAya6UdphOFeHfxURLsl2I5CXKSxgNAdu4Y6yqd5ghwBhJI22EDHPsCVGvcMT4pDBLGtQuvh4yepk+unQYkYPYE7P7Vsy0UbTGDfeHUKSgOHhDA6rQeznnHJaVYFXE7M1uZUJt4UjWQD99pwvts5FDlvm2bGPqvlTKeCszOK6FnYb6lx4NCZBe0tkFzRxmMAGHB4ShwPq2i+7fX3CJaRXUDl5HiIOYgc+jVyksYHAFcI++UFmOAy+QSdFwgydSFzRwTSemMNb3aLTu7ZMz7sMOeVu/n36VD4oHhTlws5RttvxqN5RbJzyd7mxWcWfn042Zr7/Dn/vUB6z1pCmZio5z/HwYUjwQvfEGuQRPLjn7koj7Be1ptTYZU2ONs3QfOWrRzgWo7r0K31bPNROfqlzK4ondd0BkJivbVMvPMaylMdEKGBGsTW0+vi90kg
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFS:(136003)(376002)(396003)(39860400002)(346002)(46966005)(8676002)(2616005)(956004)(8936002)(70586007)(31696002)(82310400003)(83380400001)(75432002)(26005)(66574015)(6916009)(966005)(86362001)(2906002)(7596003)(336012)(478600001)(82740400003)(47076004)(31686004)(356005)(53546011)(70206006)(5660300002)(786003)(316002)(186003)(36906005)(43740500002); DIR:OUT; SFP:1101;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Oct 2020 16:39:29.8143 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d8beba2a-c6fa-4a6b-d87d-08d875dfe1e2
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: SN1NAM02FT049.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2917
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/SLYiTWnX8uUn0qJDAHYZSl52W1s>
Subject: Re: [Rum] Configuration file
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 16:39:41 -0000

On 10/21/20 12:04 PM, Brian Rosen wrote:
> Yeah, my model was different.  It assumed that whatever was done by the 
> provider, the result was a single local file.
> 
> I’m not wedded to that.  We do need at least a piece of that to know 
> which providers to look for, but a file per provider, downloaded when 
> it’s needed is okay.

Yes, the list of providers needs to be from a single source. That will 
present some administration challenges. But I don't think it makes sense 
for the providers to populate that with all the details needed for a RUE 
to connect to them.

It occurs to me that we might be able to get away with using DNS to hold 
the list of providers - avoiding the need to stand up a special server 
for that purpose.

I'm thinking that the RUE have a way to present the user with a list of 
available providers. The user would be able to select one and then ask 
to enroll with it. Then the user would get a browser connection to an 
enrollment page where he would sign up for service, be assigned a user 
name, password, and phone number. Then the device would connect to the 
config download service of the provider and download the configuration 
file. The RUE would save this. The RUE would then use the configuration 
info to do a SIP registration and be ready to both receive and initiate 
calls.

The RUE could do this for multiple providers. The result would 
presumably be a UI for something akin to a multi-line phone. (Remember 
those from the old days?)

	Thanks,
	Paul

> Brian
> 
> 
>> On Oct 21, 2020, at 11:55 AM, Paul Kyzivat <pkyzivat@alum.mit.edu 
>> <mailto:pkyzivat@alum.mit.edu>> wrote:
>>
>> On 10/20/20 3:15 PM, Brian Rosen wrote:
>>> This is still an open item and distinct from the “signed code” issue 
>>> we’ve been discussing.
>>> The current text describes a single file that can have multiple sets 
>>> of provider configuration data.  This caters to the common case of a 
>>> user having more than provider account.  The problem with the text is 
>>> it has plaintext username/passwords, which is clearly wrong.
>>> I see two solutions: require the local implementation to maintain a 
>>> password (or other multi factor authentication, and encrypt the file 
>>> so that the user needs to authenticate to access the file.  Paul is 
>>> worried that the login data may be needed more frequently than is 
>>> reasonable to enter the authentication data locally.
>>> The other is to maintain separate files in provider systems, with a 
>>> common authentication mechanism in each provider to access the file.
>>> I think Paul’s argument doesn’t really hold much water: no SIP device 
>>> I know of requires re-authentication that requires user interaction 
>>> very often, so whatever they do now is okay.  I think they just keep 
>>> the data locally, secure enough to re-use when they need to.  So 
>>> unlock once, good for a very long time.
>>> I’m reluctant to require all providers use the new OAUTH2 solution, 
>>> but if they were okay with it, that would be excellent.  We would 
>>> need some notion of common username, but otherwise it would just 
>>> work.  Seems way too different from how things work now.  Very 
>>> attractive, secure, and user-friendly.
>>
>> My concern was with one configuration file vs. a separate one for each 
>> provider. This is rooted in how the file would be provisioned in the 
>> device.
>>
>> My assumption is that this configuration is generated by the provider 
>> based on the user doing a web-based enrollment on the provider's web 
>> site, followed by the device downloading that configuration. If the 
>> user has accounts with different providers then this would happen 
>> separately for each, resulting is separate configuration files.
>>
>> Do you have a different model in mind for how this would happen?
>>
>> Thanks,
>> Paul
>>
>> --
>> Rum mailing list
>> Rum@ietf.org <mailto:Rum@ietf.org>
>> https://www.ietf.org/mailman/listinfo/rum 
>> <https://www.ietf.org/mailman/listinfo/rum>
> 
>

v2.23.0 | Report a Bug | By Email