IETF Logo Mail Archive

Re: [Rum] RUM security model

Brian Rosen <br@brianrosen.net> Tue, 29 September 2020 12:58 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB0063A0C32 for <rum@ietfa.amsl.com>; Tue, 29 Sep 2020 05:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T750JpytaqnZ for <rum@ietfa.amsl.com>; Tue, 29 Sep 2020 05:58:13 -0700 (PDT)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 577253A0C22 for <rum@ietf.org>; Tue, 29 Sep 2020 05:58:13 -0700 (PDT)
Received: by mail-qk1-x72b.google.com with SMTP id o5so4126120qke.12 for <rum@ietf.org>; Tue, 29 Sep 2020 05:58:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SzgEdX3Rp7Ptj73fhxVsB5mOi+A0+EPKa0ilZBD+q+c=; b=ph8kPPxiCB8Dp1lGW7r4Zds/WOuxmHO26jHSp4Ni/2/jyA+nFsNYzIS0bfvFhbwVAS nx0by5MYaap0XudqIMat33PPcDBFDukKxvuiX+zQRBVr7pc7nA6O9VjQsV6mnUlis5gC W7x+zzvKaw2ng6iGavrhEnsfSptStk7TvRgRrWRaNhHCekdlakguhUwcbviZSyqvzQkP 9EryRyFqIPxqzCWKUmCkOsXM9xWxUCJh7rvS/0vK7bvv0Je9jwSQ6QA+Zzw5cgpaLUW3 8ZARKYU4wx3RbrvCt3Ln246RXnY68aOh17vdNTHPlzY592BiMHjiad81OpSO5W8nDTsJ az0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SzgEdX3Rp7Ptj73fhxVsB5mOi+A0+EPKa0ilZBD+q+c=; b=uOc4AkCbG4UvG4YLB3UCVes1ZBWcyDKPRMBzES3/HO200/etl1mRCyoIq6eDDn3CSN Qdgo4RHPNPOo35dt5xYe+ybpD6rnDtJYyXjgiiyKVLbC7WVcWAaesWml8fEPYUf5YMcw ieT1tOaeT6qv1bZeS6GqzccFLDjU4VMxrtE2aY6tfwcPev054mdxwunMF65MDg4SRL0E g9jX1EQPUqYLCxGOGFyLOtOXH1ceoisXHxM+NzKH4li4fzQdl8BNyxLwO5g4d9oOTKuW Qe/uKOPWCVSkw3VI8boi1hsycNgz6eTG1nvEjjHvPNvAgOuo/4IQeMH4QPE3hNu29xg5 STRw==
X-Gm-Message-State: AOAM533OiYeKc7hEgWrgJH+TbSM9CJiSBynczRMLckiYDHLwTVwUP507 msjWCAbAy4fLBQ7dKuuBEM3OWWNoJBqe7kGYCgbImVF5aDUp6w==
X-Google-Smtp-Source: ABdhPJy8OT9ipgwORSTNqp4YVqaaj4Tv38g+7kP8Tom7xt5PYNiRFkriT+1CNl7080DMI8c/gflZPxKU4qHWf655G4A=
X-Received: by 2002:a37:6301:: with SMTP id x1mr4096846qkb.323.1601384292332; Tue, 29 Sep 2020 05:58:12 -0700 (PDT)
MIME-Version: 1.0
References: <159838856681.32208.2945571627178413540@ietfa.amsl.com> <E4141C48-64A1-4A34-81CD-2AFB098E411C@brianrosen.net> <eee4a662-9ccd-0ded-4639-76f5be34924b@alum.mit.edu> <a4a62f53-1571-56ec-35b9-7faecd4fa480@alum.mit.edu> <303CFB8D-1323-4237-8D84-91BF6201B6F5@brianrosen.net> <ce9be41c-381e-81c5-6b8d-e1feb34291ee@alum.mit.edu> <bafc0030-53c6-bb93-cdb1-587b042e78f5@alum.mit.edu> <EEABE6F0-1720-4279-AC4F-3DCB10B6724C@edvina.net>
In-Reply-To: <EEABE6F0-1720-4279-AC4F-3DCB10B6724C@edvina.net>
From: Brian Rosen <br@brianrosen.net>
Date: Tue, 29 Sep 2020 08:58:01 -0400
Message-ID: <CAOPrzE3QSBZHzpA1r5unPN7iqm1=TDUDesJfwRByz9LwVGnoSg@mail.gmail.com>
To: "Olle E. Johansson" <oej@edvina.net>
Cc: Paul Kyzivat <pkyzivat@alum.mit.edu>, rum@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e4cd5705b073552f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/bf3HvgWR8E_ar_6JbChzVdT-rmc>
Subject: Re: [Rum] RUM security model
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 12:58:19 -0000

While I personally think thats the way to go, most existing providers use
the existing registration mechanisms. If they were supportive of using
OAUTH2 instead, I would be VERY happy to make that change.

But that wouldn’t solve the problem we are discussing, which is how the RUE
device maintains credentials from multiple providers.  I suppose the
providers could use another provider as a identity provider for the
purposes of logging in their own customer, but that is even more remote
from where they are now.

Brian

On Tue, Sep 29, 2020 at 2:08 AM Olle E. Johansson <oej@edvina.net> wrote:

>
>
>
>
> > On 28 Sep 2020, at 21:33, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
>
> >
>
> > On 9/27/20 12:35 AM, Paul Kyzivat wrote:
>
> >> On 9/26/20 8:58 PM, Brian Rosen wrote:
>
> >>> I think we do want the spec to support multiple providers on one
> device/user.  I think that’s the point of having the file.  If it wasn’t
> them the user could just use the password for the single provider directly
> and not need any other mechanism.
>
> >>>
>
> >>> ISTM that if the user has a password (and possibly a second factor
> like a USB security device), then it can securely unlock a local resource
> that contains the credentials.  They can be stored encrypted, where the
> decrypt requires the passwords at least initially.
>
> >>>
>
> >>> The simplest model is perhaps too simple: a local encrypted file
> containing sign-on credentials that is decrypted with the user entering a
> password.  That is one password per user regardless of how many providers
> they use.
>
> >> Yes, I think it is too simple. The RUE needs access to those sign-on
> credentials in situations where the user isn't present. For instance,
> suppose it is restarted due to power failure. Then it must reregister ASAP
> in order to be available to receive incoming calls. There are lots of other
> cases as well.
>
> >
>
> > I definitely am not up to speed on the state of the art in this area. I
> wonder if we can recruit an expert to help. Perhaps request a security
> review.
>
> >
>
> I think RUM is a perfect use-case for the new Oauth2/OpenID Connect auth
> mechanism in SIP.
>
>
>
> /O
>
>
>
> --
>
> Rum mailing list
>
> Rum@ietf.org
>
> https://www.ietf.org/mailman/listinfo/rum
>
>

v2.23.0 | Report a Bug | By Email