IETF Logo Mail Archive

Re: [Rum] [EXT] RUM security model

Eugene Christensen <echristensen@sorenson.com> Thu, 15 October 2020 19:30 UTC

Return-Path: <echristensen@sorenson.com>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 621843A0FC2 for <rum@ietfa.amsl.com>; Thu, 15 Oct 2020 12:30:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sorenson.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zu1Tw3tLwQRv for <rum@ietfa.amsl.com>; Thu, 15 Oct 2020 12:30:57 -0700 (PDT)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-eopbgr760074.outbound.protection.outlook.com [40.107.76.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3286B3A0CBE for <rum@ietf.org>; Thu, 15 Oct 2020 12:30:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UL/FmLy8qmZRzyZS5Ctc7VB77Sn+C4HF6jjnnuP5RxACiMObCWsNauaKrTHywHeZtCe0kOCrj6VoeUMuZS5Vi2wub+EIO5CJuYwQ1CPaX/VQXl8+byGLfbwGWMcxlZQ+SWcFA2uUGOuDax81SagMxIkOT6YHo+vJBMQc7lLunxNxdAOSN03Owt8Tno0g0xPyrPpDwPp80AkCcr1g6mo/um+LuOe6tS+bnItB//EN3b08n5NbvKwuoiQkGAYKstwFP7wb48r49sQVzXe9rcRISTu3RB6OlJ4d1AluMvHWlKGU+vP4ICdRP8R5lPZjxSDaOFMsuDSM3JcpIJJnAB/cCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7dXo1D2bmMSM/qIoxd5q+BkmMaSrWddW9H0f5gj4hgg=; b=e1wn92ZaVrPm9boPta0oAKIHkrtRmZWNKjg77cyAwhR52m8kBMnJxm6W70uKK2ANeWIK3areHx1zduDbW/o+bDXVzW0hKqeBQqkja05GyeCQF4pOXOV0w5yrsRoMwMi/4DYxmcDqaK6y5J0KHBmR1gFON09LjwTxGEvLAE9ANRoiTM6BK/s+a4ukvssXrQpAJ2IsIMekgDnTeknz6jCbgCp3/yaWpBecJSeE8F8ukacbUc6BAfXI+eTZXUqwYTd2191lSf4VV7u4QZgmtxogBvc5iber/PDtBTrCfx7foevUaIK9lriRZan2S6TLdGqJG4oi1QVNJUnGpceweVK2ow==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sorenson.com; dmarc=pass action=none header.from=sorenson.com; dkim=pass header.d=sorenson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sorenson.onmicrosoft.com; s=selector2-sorenson-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7dXo1D2bmMSM/qIoxd5q+BkmMaSrWddW9H0f5gj4hgg=; b=SSHlm6cbtmOyuOIknRiJrRINJFR/gXmc9dSNR4boIAHTWUPPn4roxZclsdrQz0MOO1z/vw7HCw77VtcBelPlR3zUvEgz01BX0imom/EuxctZwWcJOC8+duAzdUMAHl8xd66XoRVuoe1QyF5DUBj/eaME73ukXfJMbNalm/bc/Ls=
Received: from BYAPR04MB4983.namprd04.prod.outlook.com (2603:10b6:a03:41::29) by BYAPR04MB4103.namprd04.prod.outlook.com (2603:10b6:a02:ad::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.24; Thu, 15 Oct 2020 19:30:53 +0000
Received: from BYAPR04MB4983.namprd04.prod.outlook.com ([fe80::e09a:6be0:ccf6:a8b1]) by BYAPR04MB4983.namprd04.prod.outlook.com ([fe80::e09a:6be0:ccf6:a8b1%7]) with mapi id 15.20.3477.020; Thu, 15 Oct 2020 19:30:53 +0000
From: Eugene Christensen <echristensen@sorenson.com>
To: Brian Rosen <br@brianrosen.net>
CC: "rum@ietf.org" <rum@ietf.org>
Thread-Topic: [Rum] [EXT] RUM security model
Thread-Index: AQHWlnxQD9PXpaMUFE6N0jV2IR9mp6mBxBhggAAW2wCAF0rLoA==
Date: Thu, 15 Oct 2020 19:30:52 +0000
Message-ID: <BYAPR04MB49831BE0D5B16E3DC64433C9A3020@BYAPR04MB4983.namprd04.prod.outlook.com>
References: <159838856681.32208.2945571627178413540@ietfa.amsl.com> <E4141C48-64A1-4A34-81CD-2AFB098E411C@brianrosen.net> <eee4a662-9ccd-0ded-4639-76f5be34924b@alum.mit.edu> <3757_1601140882_5F6F7891_3757_32_1_a4a62f53-1571-56ec-35b9-7faecd4fa480@alum.mit.edu> <MN2PR09MB5948B9B3068E2AFA4EBE8A0AB9320@MN2PR09MB5948.namprd09.prod.outlook.com> <927a8854-51b9-c768-ee1e-5d0c4b76a45f@alum.mit.edu> <BYAPR04MB4983E82A884C12E33A316D60A3330@BYAPR04MB4983.namprd04.prod.outlook.com> <CAOPrzE0SvZKu5fhKv9vtivprmxu=Va0UtyttR8mJjAOUNeeFkQ@mail.gmail.com>
In-Reply-To: <CAOPrzE0SvZKu5fhKv9vtivprmxu=Va0UtyttR8mJjAOUNeeFkQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: brianrosen.net; dkim=none (message not signed) header.d=none;brianrosen.net; dmarc=none action=none header.from=sorenson.com;
x-originating-ip: [75.146.88.198]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 16d8f6b8-d9d7-4b6e-5d8a-08d87140d49b
x-ms-traffictypediagnostic: BYAPR04MB4103:
x-microsoft-antispam-prvs: <BYAPR04MB4103FD84FEAFCC80EE2B68EAA3020@BYAPR04MB4103.namprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: X3qg4MBljddtMIl6NmrS12jpGijmwABW9OIDppH9qMkiAwy7FjZhY8UY2evWk3WJ7ycWYZflhhngaYm9S+/eezqrth1Fyk/odRgWxuyVwYHKwCMo1zbfXjMpu0EP0J7eDvuTeow4s3ZjGL0uPFl5KlU2v2xi5aAQpSZMKbxjWsE5Bxe/nSGGTVpC+yAtHWj4dcOOINnEUCdlF8ToRMZwJehO4EXyvtkwPZqFGiiiXP5aiqEKrDEG4rX2xA3er0iBkAUDt++yO28esn39mbz9LxpSqHCYocz9GTBjSl8JAWrt10IDlnV7AQX2JZVDZU5DUD16kapas5Ut3ijxsyhPjUDFzVWNEfsFONUZyWcewbKu7TtvaUvHpIES4I2uE9ydF4DhsdO1+IdzIzm4J1UBpA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR04MB4983.namprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(39850400004)(396003)(366004)(376002)(136003)(346002)(6916009)(2906002)(83380400001)(64756008)(33656002)(66446008)(52536014)(6506007)(26005)(66556008)(66946007)(7696005)(15650500001)(4326008)(316002)(76116006)(186003)(86362001)(55016002)(166002)(5660300002)(478600001)(53546011)(8676002)(66476007)(966005)(9686003)(71200400001)(8936002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: NBcbRpWtGLbpug6V1px3DGWXABvmWwOfwAFZy527Oho+d6Q/U9Xo7RM3ZM6jIhheIFrCLx++aR0mG6JA1X30MPcC3aCnMP303NnKnNa5+pN7aeVprmuP/xKLsCy9yspcXlV9IsJWmZQ/u3GQ95Yf3lDsyNO6VVGRZKapP1YuBxql8LY+Tafej1Qce54aFnBRo+F4g0mG5FAiUz1ORJXDiOZUx3F6b7I2pRHBagAPqQCWzKyS74EYELY8OrMoaraGj/kssnVz7X/yJZP5ddj2Y0e3a6DUhTHTeyyOxgJRACXXRQrqoRSfAPDpu586enOMgbXP/O7W1QXz8IFnjWWdIAdG4NquF1CTa5D3L6/2VDr9OUa5VfJPVHqKVGsbEfPK/Khb0jn8R/QFd7Cr220bN7QxjfDuHtcXX3OyzZdcnoSlFK8pfW2FBuijwc93ISJjsvcmh/yZT3OuDkP6smLN+r3GNP4Q9UzZF2jBAThOg8Z9h++f5hAfouxZZ3Snnd54AFLiGCtmlsfOnDWOMmEu7fSbUAYM3jGz/Z5kArBB4b+d96XeuhSy6LswBcgunhcr6JuA6P6FQ8uRtzQT6JqOVz4s3obl3lxlUkJKyVhOs3jdPxdWujCrDx0KQ1ST7/1cRNlkaWkWjwuhIC78DL0MPg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR04MB49831BE0D5B16E3DC64433C9A3020BYAPR04MB4983namp_"
MIME-Version: 1.0
X-OriginatorOrg: sorenson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR04MB4983.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 16d8f6b8-d9d7-4b6e-5d8a-08d87140d49b
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Oct 2020 19:30:52.8034 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6b03ef08-a104-48c4-a951-f18d295428d5
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Q9wt8VqEyWVtRnCSexvxvz+x5JQSyEwGuWsEykoBmS01wn9q91ROKzdKG9RcQ0WxKX0++eq5Kqu22miy+1iQ3NOCYoFy0nDrBsvK0XtP0Fc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR04MB4103
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/p6P-gHEX6JTgALiyRwcPhlLIXr8>
Subject: Re: [Rum] [EXT] RUM security model
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Oct 2020 19:30:59 -0000

Brian,

Admittedly I do not fully understand certificates and authentication but would client certificates or mutual authentication with a shared secret work here?

Thank you.

Eugene

CONFIDENTIALITY NOTICE. This e-mail transmission, and any documents, files or previous e-mail messages attached to it, may contain confidential and proprietary information. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this message is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail at echristensen@sorenson.com<mailto:echristensen@sorenson.com> or by telephone at +1 (801) 287-9419, and destroy the original transmission and its attachments without reading them or saving them to disk.

From: Brian Rosen <br@brianrosen.net>
Sent: Wednesday, September 30, 2020 5:47 PM
To: Eugene Christensen <echristensen@sorenson.com>
Cc: rum@ietf.org
Subject: Re: [Rum] [EXT] RUM security model

[EXTERNAL]
I think we understand why you want it. What we don’t understand is what mechanism would provide it. I am generally aware of this class of problem and I’m not aware of a solution that will work.  So what we need is a suggested mechanism that provides the assurance you want that is technically sound.

Brian

On Wed, Sep 30, 2020 at 6:30 PM Eugene Christensen <echristensen@sorenson.com<mailto:echristensen@sorenson.com>> wrote:
Thanks for considering how we might implement this security mechanism.  May I add my voice that it is essential that we find an option for providing this desired security, whatever it is.  It could be detrimental to the VRS providers to have UAs out there, with the ability to register with VRS providers without first being fully vetted.  It is our practice anytime we make updates to our UAs to test how they work with our UAS before we ever release the new UA software into our production environment.  We only want UAs registering that have undergone this rigorous testing with our systems and then only with users which we have awareness of.



Thanks,

Eugene Christensen



CONFIDENTIALITY NOTICE. This e-mail transmission, and any documents, files or previous e-mail messages attached to it, may contain confidential and proprietary information. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this message is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail at echristensen@sorenson.com<mailto:echristensen@sorenson.com> or by telephone at +1 (801) 287-9419, and destroy the original transmission and its attachments without reading them or saving them to disk.



--

Rum mailing list

Rum@ietf.org<mailto:Rum@ietf.org>

https://www.ietf.org/mailman/listinfo/rum

v2.23.0 | Report a Bug | By Email