IETF Logo Mail Archive

Re: [Rum] Configuration file

Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 21 October 2020 15:55 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C06D33A12EC for <rum@ietfa.amsl.com>; Wed, 21 Oct 2020 08:55:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bnb50zDwnJp0 for <rum@ietfa.amsl.com>; Wed, 21 Oct 2020 08:55:41 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2059.outbound.protection.outlook.com [40.107.236.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7C793A136F for <rum@ietf.org>; Wed, 21 Oct 2020 08:55:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c8TuSdWj+1pLOwgpZGxAZOT6hhqsVbPY3b05Vb4VgOROgeuyal52hj5I3VlhSwkOWH1v4Lzoh/e+7HOO2D4TuKtjEGmpHbKazXSh4pnn61mVyy1PTJYmc+iMXsWycfMiGrwd1dZDuV9UtU5GfpjT5AJvnmZ0rjdX84Rozr83CS0YysgluPLgJ3ZcFBGPx48eSc9jSF88G7FpNz2DBNIQS6RNmKe2LN29IQrAFFJJH1/NTb8JxGG0vC3TpbB0QhAduH/JdRnLWmKk5+QsKhbH9az47e9XtMsxs6kYP+nNXg4PIIegDYT8+6x3Vtcbyyg5lWuMfUrIU9dUfICzw5rb3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ps8rM6h0/iuW3KLf98fawNY+Q3YkurhPM8qrHYGgxc8=; b=E5+ZrA3tc5Bir2gcl0RW/KaHjJUZ2Da3lk7bhiQwQB1R74LIyJtr+sX+eo5zVfG9uTVn+kD2EMMfkyaxVkd1I+IsF/Sk7N7WXdh9fUnzoZp5whk3g8MVe4Y2gFK3B4nwPuuWQKVZA/zICPG1uUtYiQFfTpMQbLcry4ak2sfl9lRbHDf7/mejCp8fhqLG40qYoDxbCFX88U0x9kGfputvSwhL6Nyon4pCVSel7aGEtURr/KKrR6ol8uXg4AG7bMzZzhLJrFf5MH7OSGvsOzJm/9mbumui0I1sgrv2gpBilpmsAiN4dI2W3ypYLa46JcF01d901vnSExiO1dTlv4ckeQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ps8rM6h0/iuW3KLf98fawNY+Q3YkurhPM8qrHYGgxc8=; b=grcuvo2ig/jTv3P7bwraFMi7E9lThVFoSYcd2/A3JiwTDn2xe996Q5mxSdVaMfiBn8I0DCZgY4i9CYcpCl/l6vqNee3rbRpTE9MJEnT5UbYhNAFAaihZD5tp1d11a+bbBiRmj31wLo2GUKoJ1xBuWUBN1cPuocWK4D6Y3aAuEPY=
Received: from SN1PR12CA0060.namprd12.prod.outlook.com (2603:10b6:802:20::31) by CY4PR1201MB2500.namprd12.prod.outlook.com (2603:10b6:903:d0::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Wed, 21 Oct 2020 15:55:37 +0000
Received: from SN1NAM02FT024.eop-nam02.prod.protection.outlook.com (2603:10b6:802:20:cafe::4d) by SN1PR12CA0060.outlook.office365.com (2603:10b6:802:20::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.18 via Frontend Transport; Wed, 21 Oct 2020 15:55:37 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by SN1NAM02FT024.mail.protection.outlook.com (10.152.72.127) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend Transport; Wed, 21 Oct 2020 15:55:37 +0000
Received: from PaulKyzivatsMBP.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 09LFtZ3j000509 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <rum@ietf.org>; Wed, 21 Oct 2020 11:55:35 -0400
To: rum@ietf.org
References: <B8C4519D-60F7-4AA0-BE5F-2494578656DB@brianrosen.net>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <e353ef87-1814-87b8-8a5e-52f8e325c54e@alum.mit.edu>
Date: Wed, 21 Oct 2020 11:55:34 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.3.3
MIME-Version: 1.0
In-Reply-To: <B8C4519D-60F7-4AA0-BE5F-2494578656DB@brianrosen.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 625d6e20-19c3-4cd4-245b-08d875d9c092
X-MS-TrafficTypeDiagnostic: CY4PR1201MB2500:
X-Microsoft-Antispam-PRVS: <CY4PR1201MB25006C49049D43D1A1109C09F91C0@CY4PR1201MB2500.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: XjSvYcXH3bzclzCRJuGUaFuwnKfzuxgxtkLryMrzOSrnyxtlPb0zLKfrKFVUA6OyRLHiCoKglY7MwvajYr4JBwfSF5G1eeO22Ho3RpxMeqd5O4hp57fPe56EIxhHGmJULV6g1TSCtNCrP8hQa3iGGlefAycEXNbV/8zmy5AuHYZkufQhjCf+qdVvbZoU2hjuBMAjCnXrrRYWCOXYXjKkJjYK79y3RhcQ9KoOsZQw/LMb5q8nZfCGtluodZTNGzygqli15h12JtbDOOF1rfbIH8FJG4oj2MT/Vgx+W2W9Ap8QAwtsaBD00M9P4dyx7FHswpfrKdTOhh/K2niFYKITsdslCcl70tHX5wH9NC9f7ezwRS/7TSOgr0I0ICZa/Z6KrRYNU8VhRcj2HnLnVkH+s+lEbGC70zbbLE5t8Hp2qYm+l5/YCKLY+Mzo6y8RriCL
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFS:(346002)(376002)(396003)(39860400002)(136003)(46966005)(336012)(86362001)(356005)(83380400001)(8936002)(2616005)(75432002)(956004)(8676002)(53546011)(26005)(70206006)(36906005)(70586007)(31686004)(82740400003)(6916009)(31696002)(7596003)(186003)(2906002)(5660300002)(786003)(316002)(478600001)(82310400003)(47076004)(43740500002); DIR:OUT; SFP:1101;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Oct 2020 15:55:37.0292 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 625d6e20-19c3-4cd4-245b-08d875d9c092
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: SN1NAM02FT024.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1201MB2500
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/wQllNONFXES_ty6icUw0i_XQRdU>
Subject: Re: [Rum] Configuration file
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 15:55:49 -0000

On 10/20/20 3:15 PM, Brian Rosen wrote:
> This is still an open item and distinct from the “signed code” issue we’ve been discussing.
> 
> The current text describes a single file that can have multiple sets of provider configuration data.  This caters to the common case of a user having more than provider account.  The problem with the text is it has plaintext username/passwords, which is clearly wrong.
> 
> I see two solutions: require the local implementation to maintain a password (or other multi factor authentication, and encrypt the file so that the user needs to authenticate to access the file.  Paul is worried that the login data may be needed more frequently than is reasonable to enter the authentication data locally.
> 
> The other is to maintain separate files in provider systems, with a common authentication mechanism in each provider to access the file.
> 
> I think Paul’s argument doesn’t really hold much water: no SIP device I know of requires re-authentication that requires user interaction very often, so whatever they do now is okay.  I think they just keep the data locally, secure enough to re-use when they need to.  So unlock once, good for a very long time.
> 
> I’m reluctant to require all providers use the new OAUTH2 solution, but if they were okay with it, that would be excellent.  We would need some notion of common username, but otherwise it would just work.  Seems way too different from how things work now.  Very attractive, secure, and user-friendly.

My concern was with one configuration file vs. a separate one for each 
provider. This is rooted in how the file would be provisioned in the device.

My assumption is that this configuration is generated by the provider 
based on the user doing a web-based enrollment on the provider's web 
site, followed by the device downloading that configuration. If the user 
has accounts with different providers then this would happen separately 
for each, resulting is separate configuration files.

Do you have a different model in mind for how this would happen?

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email