IETF Logo Mail Archive

Re: [Rum] [EXT] RUM security model

Eugene Christensen <echristensen@sorenson.com> Fri, 30 October 2020 21:40 UTC

Return-Path: <echristensen@sorenson.com>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A95C93A1264 for <rum@ietfa.amsl.com>; Fri, 30 Oct 2020 14:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sorenson.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EvvpaT-8-Hg9 for <rum@ietfa.amsl.com>; Fri, 30 Oct 2020 14:40:47 -0700 (PDT)
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2075.outbound.protection.outlook.com [40.107.220.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 457BC3A1262 for <rum@ietf.org>; Fri, 30 Oct 2020 14:40:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OgKus9qXE2UDNGM5U1Qpa+Lf15WkjYKaKxnUl127/LpI81ggBomZtefY0bJdGejDTVkpq020ylP2c8m95rM2kLiqMqxRZje1cafb6zuzw8jZyR/G9YHfhvlaCSyLnYVsTTZ7sziBEDi5v+hbV5Eoj2LrtWT3QAflBz34rhGaEZpa6FPBQQEA91g80mqg+lPCdI/FVKsXEgtSwZ9p4WSwpspitIHXiFca9DIj/QUqqwstqNocYVgdu7xG5XmSXscj8CIQ97k/FFqwNaRBTvhsfEvnnn7SEstL4STTQnhTTw1e6h5qtFjIaXaq/U/4FABgAhemVxivww1wwWx3zCVyYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7c6YaQJR7uydIBJ+pKKFPqIeTDP+2eD4hCzn+G7DlzA=; b=Ssl5cPv3wGcqQtEw8QwbfUQEsrSrLNtTcbwBY9pQEPpawO3mOMiZoJN8mghdLk7VDiL/4pP9ipfn/oViJjPlbtIBFYK4+4Fav7vYcV5ojvBkGKWvWvqazoWIwDVFadGFmG5iGSpUB1wyl2EjtAW/Js0D8e1is3lE3QcjpmphQhyT4BRz6g3k74n7G8qLESyOANy32XkWxbU+Xp62ABRy0VJmOmON+ZajlBAcw30SToCqKl+6Dskj/3+gEhXFy337WdvZfcOyENHcgCFFALxCoWQfwKhWn020if9C4ev0auzYsiNcHaZQGItSo1HBNsIqoFFhV3xVHcOeRsfCcqAydQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sorenson.com; dmarc=pass action=none header.from=sorenson.com; dkim=pass header.d=sorenson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sorenson.onmicrosoft.com; s=selector2-sorenson-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7c6YaQJR7uydIBJ+pKKFPqIeTDP+2eD4hCzn+G7DlzA=; b=QmciDhpvBkYvicCSK56AWwY8pzFSb49w4DPgYTGSAc5hUWvogKa2dk1qnbFs3DkMYptXY75ENCYlswM9uRM0Obb0Qm9/v/8AwzPmPl5K6wWmmB2yUuK48xpQzGTxZy0uNChYNx+ZztYDHwwcZyueAXmgznT4I9bmjMPVf9nOvMo=
Received: from BYAPR04MB4983.namprd04.prod.outlook.com (2603:10b6:a03:41::29) by BY5PR04MB7123.namprd04.prod.outlook.com (2603:10b6:a03:227::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.22; Fri, 30 Oct 2020 21:40:46 +0000
Received: from BYAPR04MB4983.namprd04.prod.outlook.com ([fe80::e09a:6be0:ccf6:a8b1]) by BYAPR04MB4983.namprd04.prod.outlook.com ([fe80::e09a:6be0:ccf6:a8b1%7]) with mapi id 15.20.3477.029; Fri, 30 Oct 2020 21:40:46 +0000
From: Eugene Christensen <echristensen@sorenson.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "Olle E. Johansson" <oej@edvina.net>, Brian Rosen <br@brianrosen.net>
CC: "rum@ietf.org" <rum@ietf.org>
Thread-Topic: [Rum] [EXT] RUM security model
Thread-Index: AQHWlnxQD9PXpaMUFE6N0jV2IR9mp6mBxBhggAAW2wCAF0rLoIAAMpaAgAAXOoCAAAeJgIAAAV6AgAD5eYCABjafAIAAF2wAgAFtX5CAABXWAIABCTiAgACYEgCADPFHMA==
Date: Fri, 30 Oct 2020 21:40:46 +0000
Message-ID: <BYAPR04MB4983A00EF9CA72582AC270FAA3150@BYAPR04MB4983.namprd04.prod.outlook.com>
References: <4d6ba97f-a83d-3d36-14a9-c6e84dd5b874@alum.mit.edu> <7A11F680-9EA6-4477-9BD8-6A7755AD0054@brianrosen.net> <7fdb95e6-e954-7275-60f7-462cf07eff0e@alum.mit.edu> <CAOPrzE1ONDUcGwvcfRhpyu9YM5JJJD92AsLKaeXvXqH4fmNbBw@mail.gmail.com> <92b5d34b-2fbf-0e2b-8562-8f7d11c5123b@alum.mit.edu> <F03944C6-0C19-4964-94A8-658B338526D4@brianrosen.net> <5e6d8446-c267-5113-aff1-fc87576b1317@alum.mit.edu> <BYAPR04MB49835526E9F63A38A5C56B86A31C0@BYAPR04MB4983.namprd04.prod.outlook.com> <38090A50-6572-4A8E-97D4-C260323365AE@brianrosen.net> <EC92824F-0175-407A-8175-A95DFE197B22@edvina.net> <f5c85256-45fe-2c0b-2b93-3fe4fd24e557@alum.mit.edu>
In-Reply-To: <f5c85256-45fe-2c0b-2b93-3fe4fd24e557@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: alum.mit.edu; dkim=none (message not signed) header.d=none;alum.mit.edu; dmarc=none action=none header.from=sorenson.com;
x-originating-ip: [75.146.88.198]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2b619152-d038-4b43-02b1-08d87d1c75f4
x-ms-traffictypediagnostic: BY5PR04MB7123:
x-microsoft-antispam-prvs: <BY5PR04MB71235BFDAC9EE773292FF44EA3150@BY5PR04MB7123.namprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: I+FmNYgL8uPvD5gR0/IKHCGxEQzJP1rIAjflWDshnCuKWC59HwXFlInpB3Z29katRlpnaLKYPuTx7U5p2R4JPRCLIZtPNVQpEDIp/Rr/PRONyj7zX0wYQDTAqfEx1qnIyQZAOxw0Il0/ZrdQtATxdgKUUaMB3lbkYdEEhLv4Ozlq/Oeqj/6sN5v1wyk5ndOwzZ0+7hB9HLbEWC54XsE7dr5M1vGvqcxa820ehki86o+Xb/IoY9umBcw3oCFUCtCPPb0pFjCVxpzitYtHu2Ror5lCPmLOVNl36S5KdU62SlSrE8ReLcbyo2rQn9EhhGs4
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR04MB4983.namprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(396003)(39850400004)(136003)(346002)(376002)(316002)(5660300002)(33656002)(4326008)(9686003)(478600001)(55016002)(15650500001)(71200400001)(8936002)(66446008)(8676002)(64756008)(66946007)(66476007)(66574015)(110136005)(6506007)(2906002)(86362001)(66556008)(76116006)(186003)(52536014)(53546011)(83380400001)(7696005)(26005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: aJM/RdXO6qXMHT0LhcBC2A+kaIA4u++Ds0UjY51RmHNmcsyq4clYGPfNawZXGTKqP3tjkjuMSog5jzAhEh5gUW7JbJe8Q66joCNJfBP+YvHPthbrdhX+oPOKROu86/ioVtFB+4NF/P46v1lryKLhlOCdDq6GIFyRAiwAw2SKJ7rEx18s5GujiNzn+I3rdvyT3axVs/6YZ433rqSnsxOB+PbulQACQfNSPiJ/9rR9DzDqZ2tfzYRmVgJhtLa7QCCu1drgQJmBtvu3GpKmgFahDNaryrktf3+16ptYnVrrthQqOjyd9Nw1lFtcFfxjaDWW2c7gNWbpYiuojCXHl5+YZ+BVTsmIoOnZrYIadf8WZhRSj+Ua9EJ+5pYJN32maRWdFOeoQWJ3zj9y1mQHGuai/K4fsI7ljSHu55A59HRblxwj93YxrNTcLaOOCmv92fISNICYD27uY08F+JEhSPfrb6EoKEu1pgLOTAWbuujPspfMISfqybnrQVbnYjrb+08k09G+AobKXMQwUNGqSBnFA8YT+503T3+z6wpRRj2QYzESwiMIMQ5bJEh42iHiq7uIPlq0qEfIqcER0geYj9cEjVjo3mn3LTQF3KlZRDdP4C2MTCZqtrLvU5Vwji/9gG2R63wQpGGDIGjh7QKmT3rYSQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sorenson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR04MB4983.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2b619152-d038-4b43-02b1-08d87d1c75f4
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2020 21:40:46.3437 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6b03ef08-a104-48c4-a951-f18d295428d5
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Y/SONIQFBfDaKB+OZPVlL7W5vjC4uXCGzrn6PeNXISZvaoKOgmXqS3mq/x7+K+UcYZpOiXjxsjWNDetxqUhNPmGMKuoJ+5IIDQilzsR+nXw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR04MB7123
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/eQnJT_5khRFLhPKoBinD23V9eSs>
Subject: Re: [Rum] [EXT] RUM security model
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 21:40:49 -0000

There has to be some amount of trust between the providers so I think we should consider the use of an API key for access to the provider's configuration service.  If an API key is given and another provider abuses that, it obviously could result in something bad but it could quickly be revoked by the provider; right?  And the company that has abused it will likely not be trusted in the future (motivation for maintaining trust).

Would it also be wise to use a client certificate for SIP communications once the RUE has the necessary info from the configuration service?  The client certificate could be embedded into the application.

Is there any reason we cannot use language that makes the use of the API key and client certificate optional, at the discretion of the provider?  (e.g. The providers MAY require an API key for their configuration service and/or a client certificate for SIP communications).

Thanks,

Eugene.

CONFIDENTIALITY NOTICE. This e-mail transmission, and any documents, files or previous e-mail messages attached to it, may contain confidential and proprietary information. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this message is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail at echristensen@sorenson.com or by telephone at +1 (801) 287-9419, and destroy the original transmission and its attachments without reading them or saving them to disk.

-----Original Message-----
From: Paul Kyzivat <pkyzivat@alum.mit.edu> 
Sent: Thursday, October 22, 2020 9:34 AM
To: Olle E. Johansson <oej@edvina.net>; Brian Rosen <br@brianrosen.net>
Cc: Eugene Christensen <echristensen@sorenson.com>; rum@ietf.org
Subject: Re: [Rum] [EXT] RUM security model

[EXTERNAL] 

On 10/22/20 2:29 AM, Olle E. Johansson wrote:

[snip]

>> Brute force and DDoS attacks can’t be addressed by this document except in the Security Consideration section.  They are implementation issues.
> If there are specific attack vectors to RUM that doesn’t apply to SIP implementations in general, yes.

AFAIK there should be nothing special about VRS that makes it any more vulnerable to attack than any other sip service accessed over the public internet.

I'd like to hear from the providers if I am wrong about this.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email