IETF Logo Mail Archive

Re: [Rum] Configuration file

Brian Rosen <br@brianrosen.net> Thu, 22 October 2020 13:18 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E0523A0B9D for <rum@ietfa.amsl.com>; Thu, 22 Oct 2020 06:18:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXMS_774dJq1 for <rum@ietfa.amsl.com>; Thu, 22 Oct 2020 06:17:59 -0700 (PDT)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2B233A0BAB for <rum@ietf.org>; Thu, 22 Oct 2020 06:17:58 -0700 (PDT)
Received: by mail-qv1-xf2c.google.com with SMTP id cv1so801741qvb.2 for <rum@ietf.org>; Thu, 22 Oct 2020 06:17:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=cAgnmkJEHhEvJaAttXRbnQ260FKkJVqUAAIzIQh9H50=; b=WjcZ3c20gam65uNriDK2FH1xbzVsE+Xn7Dvpvc69ePY+z5boRNRSDE7SSHdirPjvcR jLI5mom7e9cC/AIcl7UEFSGXkuhyJjQHv1fIHzWmiwdSZmtxOiPdU5BlsgfieIOrHgZ9 8kOyd92vbbHXW4vsUW9q2zc/mQ84HvxjXO+Y7J5uDV5hXsg4hSB1PACxR7LGLoCGQlM+ vRdQXoAgdRXJomXKfrvd3h7m1Tj7BoqLiR0TUSCUH3gGB+LDEevgc/7iUTwAENHXAiBv MeqHbbaS5Ugap2S2TQWLnJ4Jz6/DD0vjj/AHCCQEHGI7CC7xswSqT60C/U1SV/ZBJLai jcvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=cAgnmkJEHhEvJaAttXRbnQ260FKkJVqUAAIzIQh9H50=; b=DUymFN8nLsli1mmXGw/2AckMOXOAOg1xj29FmxRRaX6MCQC6i4vqRDO2OMRMleAWFC bB84JbLFp7WeO2rw+OAWvnYWtxCQGcC0En3fG80bfvhvWWp96uyTz4Eoztoh45uDaW0d 4A2SbAO8UzzrHPmwZPCGHwEcO6fSaqJ6wFGoQFwq5++s52SjlBh/sKBBKnkGrbu++kyf HvklgH3cvDwjI5NQa7yTgHWwVY5ti5Ti00h7GysNwLt2peaNxfKMB5dNqXSxyhm+k1d0 KbcVfif1UUGBF2Y9lrzi/O2CXYwQszcQVq/xd/WDqHi2OLXaAiPfUsze0WNSLdjXqMAJ DoOg==
X-Gm-Message-State: AOAM532fA1paIcWt6r0IMJNqR4H9lVst4qb+YM1Mgh7rkY9UCYzM1g9S Ai79Ji74tk5FTQfQFc8fa4kmR3e/vHC2aCDo
X-Google-Smtp-Source: ABdhPJwYbvw+MgfbhrENFAPeD7Kt2CtUn+1woeItZ+e+egX7pK6SbxmIpheTeMxteeIrnye9/UwGGQ==
X-Received: by 2002:a0c:eacc:: with SMTP id y12mr2325836qvp.31.1603372677737; Thu, 22 Oct 2020 06:17:57 -0700 (PDT)
Received: from brians-mbp-2871.lan (dynamic-acs-24-154-119-158.zoominternet.net. [24.154.119.158]) by smtp.gmail.com with ESMTPSA id g11sm918432qkl.30.2020.10.22.06.17.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Oct 2020 06:17:56 -0700 (PDT)
From: Brian Rosen <br@brianrosen.net>
Message-Id: <8047B5E7-D235-446E-9B9C-E0B871C6E48C@brianrosen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B036D211-DBCB-4576-858D-60358BA6AB50"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Thu, 22 Oct 2020 09:17:55 -0400
In-Reply-To: <5e702e6f-b6d5-5f54-d453-d90249e2718d@alum.mit.edu>
Cc: rum@ietf.org
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
References: <B8C4519D-60F7-4AA0-BE5F-2494578656DB@brianrosen.net> <e353ef87-1814-87b8-8a5e-52f8e325c54e@alum.mit.edu> <AE3E626F-39F0-4549-8E8B-78F1B0B8BC9B@brianrosen.net> <5e702e6f-b6d5-5f54-d453-d90249e2718d@alum.mit.edu>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/UBQ-LO9gSgbxrxkEcIXEjSuUADk>
Subject: Re: [Rum] Configuration file
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2020 13:18:02 -0000

How would we use DNS to hold the list of providers?  Seems to me that the official list, at least in some places like the US, is controlled by the regulator.  That isn’t the case in other countries.  Where it is, there is an authoritative source.  Could we make the list a registry, make it country specific, and have an expert decide if a provider should be added to the list?

I think your description of signup and config is good.

Yes, I remember multi-line phones.  I have a SIP multi-line phone on my desk that has “lines” from multiple providers.

Brian


> On Oct 21, 2020, at 12:39 PM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
> 
> On 10/21/20 12:04 PM, Brian Rosen wrote:
>> Yeah, my model was different.  It assumed that whatever was done by the provider, the result was a single local file.
>> I’m not wedded to that.  We do need at least a piece of that to know which providers to look for, but a file per provider, downloaded when it’s needed is okay.
> 
> Yes, the list of providers needs to be from a single source. That will present some administration challenges. But I don't think it makes sense for the providers to populate that with all the details needed for a RUE to connect to them.
> 
> It occurs to me that we might be able to get away with using DNS to hold the list of providers - avoiding the need to stand up a special server for that purpose.
> 
> I'm thinking that the RUE have a way to present the user with a list of available providers. The user would be able to select one and then ask to enroll with it. Then the user would get a browser connection to an enrollment page where he would sign up for service, be assigned a user name, password, and phone number. Then the device would connect to the config download service of the provider and download the configuration file. The RUE would save this. The RUE would then use the configuration info to do a SIP registration and be ready to both receive and initiate calls.
> 
> The RUE could do this for multiple providers. The result would presumably be a UI for something akin to a multi-line phone. (Remember those from the old days?)
> 
> 	Thanks,
> 	Paul
> 
>> Brian
>>> On Oct 21, 2020, at 11:55 AM, Paul Kyzivat <pkyzivat@alum.mit.edu <mailto:pkyzivat@alum.mit.edu><mailto:pkyzivat@alum.mit.edu <mailto:pkyzivat@alum.mit.edu>>> wrote:
>>> 
>>> On 10/20/20 3:15 PM, Brian Rosen wrote:
>>>> This is still an open item and distinct from the “signed code” issue we’ve been discussing.
>>>> The current text describes a single file that can have multiple sets of provider configuration data. This caters to the common case of a user having more than provider account.  The problem with the text is it has plaintext username/passwords, which is clearly wrong.
>>>> I see two solutions: require the local implementation to maintain a password (or other multi factor authentication, and encrypt the file so that the user needs to authenticate to access the file.  Paul is worried that the login data may be needed more frequently than is reasonable to enter the authentication data locally.
>>>> The other is to maintain separate files in provider systems, with a common authentication mechanism in each provider to access the file.
>>>> I think Paul’s argument doesn’t really hold much water: no SIP device I know of requires re-authentication that requires user interaction very often, so whatever they do now is okay.  I think they just keep the data locally, secure enough to re-use when they need to.  So unlock once, good for a very long time.
>>>> I’m reluctant to require all providers use the new OAUTH2 solution, but if they were okay with it, that would be excellent.  We would need some notion of common username, but otherwise it would just work.  Seems way too different from how things work now.  Very attractive, secure, and user-friendly.
>>> 
>>> My concern was with one configuration file vs. a separate one for each provider. This is rooted in how the file would be provisioned in the device.
>>> 
>>> My assumption is that this configuration is generated by the provider based on the user doing a web-based enrollment on the provider's web site, followed by the device downloading that configuration. If the user has accounts with different providers then this would happen separately for each, resulting is separate configuration files.
>>> 
>>> Do you have a different model in mind for how this would happen?
>>> 
>>> Thanks,
>>> Paul
>>> 
>>> --
>>> Rum mailing list
>>> Rum@ietf.org <mailto:Rum@ietf.org> <mailto:Rum@ietf.org <mailto:Rum@ietf.org>>
>>> https://www.ietf.org/mailman/listinfo/rum <https://www.ietf.org/mailman/listinfo/rum> <https://www.ietf.org/mailman/listinfo/rum <https://www.ietf.org/mailman/listinfo/rum>>
> 
> -- 
> Rum mailing list
> Rum@ietf.org <mailto:Rum@ietf.org>
> https://www.ietf.org/mailman/listinfo/rum <https://www.ietf.org/mailman/listinfo/rum>

v2.23.0 | Report a Bug | By Email