Re: [Rum] RUM security model
Brian Rosen <br@brianrosen.net> Tue, 29 September 2020 12:58 UTC
Return-Path: <br@brianrosen.net>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB0063A0C32 for <rum@ietfa.amsl.com>; Tue, 29 Sep 2020 05:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T750JpytaqnZ for <rum@ietfa.amsl.com>; Tue, 29 Sep 2020 05:58:13 -0700 (PDT)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 577253A0C22 for <rum@ietf.org>; Tue, 29 Sep 2020 05:58:13 -0700 (PDT)
Received: by mail-qk1-x72b.google.com with SMTP id o5so4126120qke.12 for <rum@ietf.org>; Tue, 29 Sep 2020 05:58:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SzgEdX3Rp7Ptj73fhxVsB5mOi+A0+EPKa0ilZBD+q+c=; b=ph8kPPxiCB8Dp1lGW7r4Zds/WOuxmHO26jHSp4Ni/2/jyA+nFsNYzIS0bfvFhbwVAS nx0by5MYaap0XudqIMat33PPcDBFDukKxvuiX+zQRBVr7pc7nA6O9VjQsV6mnUlis5gC W7x+zzvKaw2ng6iGavrhEnsfSptStk7TvRgRrWRaNhHCekdlakguhUwcbviZSyqvzQkP 9EryRyFqIPxqzCWKUmCkOsXM9xWxUCJh7rvS/0vK7bvv0Je9jwSQ6QA+Zzw5cgpaLUW3 8ZARKYU4wx3RbrvCt3Ln246RXnY68aOh17vdNTHPlzY592BiMHjiad81OpSO5W8nDTsJ az0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SzgEdX3Rp7Ptj73fhxVsB5mOi+A0+EPKa0ilZBD+q+c=; b=uOc4AkCbG4UvG4YLB3UCVes1ZBWcyDKPRMBzES3/HO200/etl1mRCyoIq6eDDn3CSN Qdgo4RHPNPOo35dt5xYe+ybpD6rnDtJYyXjgiiyKVLbC7WVcWAaesWml8fEPYUf5YMcw ieT1tOaeT6qv1bZeS6GqzccFLDjU4VMxrtE2aY6tfwcPev054mdxwunMF65MDg4SRL0E g9jX1EQPUqYLCxGOGFyLOtOXH1ceoisXHxM+NzKH4li4fzQdl8BNyxLwO5g4d9oOTKuW Qe/uKOPWCVSkw3VI8boi1hsycNgz6eTG1nvEjjHvPNvAgOuo/4IQeMH4QPE3hNu29xg5 STRw==
X-Gm-Message-State: AOAM533OiYeKc7hEgWrgJH+TbSM9CJiSBynczRMLckiYDHLwTVwUP507 msjWCAbAy4fLBQ7dKuuBEM3OWWNoJBqe7kGYCgbImVF5aDUp6w==
X-Google-Smtp-Source: ABdhPJy8OT9ipgwORSTNqp4YVqaaj4Tv38g+7kP8Tom7xt5PYNiRFkriT+1CNl7080DMI8c/gflZPxKU4qHWf655G4A=
X-Received: by 2002:a37:6301:: with SMTP id x1mr4096846qkb.323.1601384292332; Tue, 29 Sep 2020 05:58:12 -0700 (PDT)
MIME-Version: 1.0
References: <159838856681.32208.2945571627178413540@ietfa.amsl.com> <E4141C48-64A1-4A34-81CD-2AFB098E411C@brianrosen.net> <eee4a662-9ccd-0ded-4639-76f5be34924b@alum.mit.edu> <a4a62f53-1571-56ec-35b9-7faecd4fa480@alum.mit.edu> <303CFB8D-1323-4237-8D84-91BF6201B6F5@brianrosen.net> <ce9be41c-381e-81c5-6b8d-e1feb34291ee@alum.mit.edu> <bafc0030-53c6-bb93-cdb1-587b042e78f5@alum.mit.edu> <EEABE6F0-1720-4279-AC4F-3DCB10B6724C@edvina.net>
In-Reply-To: <EEABE6F0-1720-4279-AC4F-3DCB10B6724C@edvina.net>
From: Brian Rosen <br@brianrosen.net>
Date: Tue, 29 Sep 2020 08:58:01 -0400
Message-ID: <CAOPrzE3QSBZHzpA1r5unPN7iqm1=TDUDesJfwRByz9LwVGnoSg@mail.gmail.com>
To: "Olle E. Johansson" <oej@edvina.net>
Cc: Paul Kyzivat <pkyzivat@alum.mit.edu>, rum@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e4cd5705b073552f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/bf3HvgWR8E_ar_6JbChzVdT-rmc>
Subject: Re: [Rum] RUM security model
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 12:58:19 -0000
While I personally think thats the way to go, most existing providers use the existing registration mechanisms. If they were supportive of using OAUTH2 instead, I would be VERY happy to make that change. But that wouldn’t solve the problem we are discussing, which is how the RUE device maintains credentials from multiple providers. I suppose the providers could use another provider as a identity provider for the purposes of logging in their own customer, but that is even more remote from where they are now. Brian On Tue, Sep 29, 2020 at 2:08 AM Olle E. Johansson <oej@edvina.net> wrote: > > > > > > On 28 Sep 2020, at 21:33, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote: > > > > > > On 9/27/20 12:35 AM, Paul Kyzivat wrote: > > >> On 9/26/20 8:58 PM, Brian Rosen wrote: > > >>> I think we do want the spec to support multiple providers on one > device/user. I think that’s the point of having the file. If it wasn’t > them the user could just use the password for the single provider directly > and not need any other mechanism. > > >>> > > >>> ISTM that if the user has a password (and possibly a second factor > like a USB security device), then it can securely unlock a local resource > that contains the credentials. They can be stored encrypted, where the > decrypt requires the passwords at least initially. > > >>> > > >>> The simplest model is perhaps too simple: a local encrypted file > containing sign-on credentials that is decrypted with the user entering a > password. That is one password per user regardless of how many providers > they use. > > >> Yes, I think it is too simple. The RUE needs access to those sign-on > credentials in situations where the user isn't present. For instance, > suppose it is restarted due to power failure. Then it must reregister ASAP > in order to be available to receive incoming calls. There are lots of other > cases as well. > > > > > > I definitely am not up to speed on the state of the art in this area. I > wonder if we can recruit an expert to help. Perhaps request a security > review. > > > > > I think RUM is a perfect use-case for the new Oauth2/OpenID Connect auth > mechanism in SIP. > > > > /O > > > > -- > > Rum mailing list > > Rum@ietf.org > > https://www.ietf.org/mailman/listinfo/rum > >
- [Rum] I-D Action: draft-ietf-rum-rue-03.txt internet-drafts
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Brian Rosen
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Paul Kyzivat
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt James Hamlin
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Paul Kyzivat
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt James Hamlin
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Brian Rosen
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Paul Kyzivat
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Paul Kyzivat
- [Rum] RUM security model Paul Kyzivat
- Re: [Rum] RUM security model Brian Rosen
- Re: [Rum] RUM security model Paul Kyzivat
- Re: [Rum] RUM security model Paul Kyzivat
- Re: [Rum] RUM security model Olle E. Johansson
- Re: [Rum] [EXT] RUM security model Jim Malloy
- Re: [Rum] RUM security model Brian Rosen
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Jim Malloy
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Eugene Christensen
- Re: [Rum] [EXT] RUM security model Brian Rosen
- Re: [Rum] I-D Action: draft-ietf-rum-rue-03.txt Brian Rosen
- Re: [Rum] [EXT] RUM security model Eugene Christensen
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Brian Rosen
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Brian Rosen
- Re: [Rum] [EXT] RUM security model Asveren, Tolga
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Brian Rosen
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Eugene Christensen
- Re: [Rum] [EXT] RUM security model Brian Rosen
- Re: [Rum] [EXT] RUM security model Olle E. Johansson
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Eugene Christensen
- Re: [Rum] [EXT] RUM security model Paul Kyzivat
- Re: [Rum] [EXT] RUM security model Brian Rosen
- Re: [Rum] [EXT] RUM security model Eugene Christensen
- Re: [Rum] [EXT] RUM security model Brian Rosen