RE: [Sip] Event Lists: Back-End Credentials

hisham.khartabil@nokia.com Fri, 29 October 2004 02:35 UTC

From: hisham.khartabil@nokia.com
Subject: RE: [Sip] Event Lists: Back-End Credentials
Date: Fri, 29 Oct 2004 01:52:59 +0300
To: oran@cisco.com
Cc: sip@ietf.org, adam@nostrum.com


> -----Original Message-----
> From: ext David R Oran [mailto:oran@cisco.com]
> Sent: 28.October.2004 18:17
> To: Khartabil Hisham (Nokia-TP-MSW/Helsinki)
> Cc: adam@nostrum.com; sip@ietf.org
> Subject: Re: [Sip] Event Lists: Back-End Credentials
> 
> 
> 
> On Oct 28, 2004, at 10:35 AM, hisham.khartabil@nokia.com wrote:
> 
> > I didn't know that communication with IESG is one way only. Can the 
> > IESG member who is blocking this explain why this cannot be outside 
> > the scope of this document?
> >
> > Anyway, so how about an XCAP usage document that is carried signed and
> > encrypted to the server using HTTP. That xcap usage document can
> > include realm, username and password for realms that the user knows
> > will be needed by the RLS.
> >
> That's precisely the problem. Now the RLS can impersonate the user and
> do anything the user could.

I thought the problem was how to transport the secret to the RLS. Irrespective of how that is done (using XCAP or carrying it in the SUBSCRIBE request itself), you will face the same problem you describe above. So am I right in assuming that you're advocating Adam's latest suggestion on RLS doing backend subscription using its own address?

> 
> > Note that this is useful not just for backend subscriptions, but also
> > for any list usage we can think of that will result in backend
> > requests being sent on behalf of a client.
> >
> > A server needing a secret key to use on behalf of a user can look in
> > the XCAP document of that user.
> >
> Can I be your RLS server? Please? Pretty please?

Ok, but if you behave :) You would expect a trust relationship between the client and the RLS.

/Hisham

> 
> Dave.
> 
> 
> > Regards,
> > Hisham
> >
> >> -----Original Message-----
> >> From: ext Adam Roach [mailto:adam@nostrum.com]
> >> Sent: 28.October.2004 17:16
> >> To: Khartabil Hisham (Nokia-TP-MSW/Helsinki)
> >> Cc: sip@ietf.org
> >> Subject: Re: [Sip] Event Lists: Back-End Credentials
> >>
> >>
> >> hisham.khartabil@nokia.com wrote:
> >>
> >>> Why isn't it enough to say that the way a watcher passes the key to
> >>> the RLS is outside the scope of this document?
> >>
> >>
> >> Because that's exactly what the document says right now, and the IESG
> >> won't let it pass as a result.
> >>
> >>
> >> /a
> >>
> >
> > _______________________________________________
> > Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol
> > Use sip-implementors@cs.columbia.edu for questions on current sip
> > Use sipping@ietf.org for new developments on the application of sip
> >
> David R. Oran
> Cisco Fellow
> Cisco Systems
> 7 Ladyslipper Lane
> Acton, MA 01720 USA
> Tel: +1 978 264 2048
> Email: oran@cisco.com
> 
> 
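
The impersonation concern raised in this exchange, as an added example that is not part of the original thread: assuming the back-end server uses SIP digest authentication (RFC 2617 style, no qop), anyone holding the realm, username and password from the proposed XCAP document can answer a challenge for any method, so the server cannot tell the RLS from the user. The credentials, URI, nonce and function names below are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    """What a credential holder sends: MD5(HA1:nonce:HA2), RFC 2617 without qop."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def server_accepts(stored_ha1, method, uri, nonce, response):
    """Back-end server check. It only knows HA1, not who computed the response."""
    expected = md5_hex(f"{stored_ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")
    return hmac.compare_digest(expected, response)

# Constructed stand-in for the entry the user would store for the RLS.
XCAP_ENTRY = {"realm": "example.com", "username": "alice", "password": "s3cret"}
TARGET_URI = "sip:bob@example.com"   # constructed
NONCE = "dcd98b7102dd2f0e"           # constructed server challenge

def methods_rls_can_authenticate(entry, methods):
    """Return every method for which the RLS, using the stored entry,
    produces a response the back-end server accepts as the user's."""
    stored_ha1 = md5_hex(f"{entry['username']}:{entry['realm']}:{entry['password']}")
    accepted = []
    for method in methods:
        response = digest_response(entry["username"], entry["realm"],
                                   entry["password"], method, TARGET_URI, NONCE)
        if server_accepts(stored_ha1, method, TARGET_URI, NONCE, response):
            accepted.append(method)
    return accepted

if __name__ == "__main__":
    # SUBSCRIBE is the intended use; the rest show the credential is not scoped to it.
    print(methods_rls_can_authenticate(
        XCAP_ENTRY, ["SUBSCRIBE", "INVITE", "REGISTER", "MESSAGE"]))
```

Nothing in the digest computation binds the credential to SUBSCRIBE or to the RLS, which is why the thread turns to the RLS subscribing under its own address instead.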
