Re: [Sip] Event Lists: Back-End Credentials

David R Oran <oran@cisco.com> Thu, 28 October 2004 19:46 UTC

From: David R Oran <oran@cisco.com>
Subject: Re: [Sip] Event Lists: Back-End Credentials
Date: Thu, 28 Oct 2004 11:16:45 -0400
To: hisham.khartabil@nokia.com
Cc: sip@ietf.org, adam@nostrum.com

On Oct 28, 2004, at 10:35 AM, hisham.khartabil@nokia.com wrote:

> I didn't know that communication with IESG is one way only. Can the 
> IESG member who is blocking this explain why this cannot be outside 
> the scope of this document?
>
> Anyway, so how about an XCAP usage document that is carried signed and 
> encrypted to the server using HTTP. That xcap usage document can 
> include realm, username and password for realms that the user knows 
> will be needed by the RLS.
>
That's precisely the problem. Now the RLS can impersonate the user and 
do anything the user could.

> Note that this is useful not just for backend subscriptions, but also 
> for any list usage we can think of that will result in backend 
> requests being sent on behalf of a client.
>
> A server needing a secret key to use on behalf of a user can look in 
> the XCAP document of that user.
>
Can I be your RLS server? Please? Pretty please?

Dave.


> Regards,
> Hisham
>
>> -----Original Message-----
>> From: ext Adam Roach [mailto:adam@nostrum.com]
>> Sent: 28.October.2004 17:16
>> To: Khartabil Hisham (Nokia-TP-MSW/Helsinki)
>> Cc: sip@ietf.org
>> Subject: Re: [Sip] Event Lists: Back-End Credentials
>>
>>
>> hisham.khartabil@nokia.com wrote:
>>
>>> Why isn't it enough to say that the way a watcher passes the key to
>>> the RLS is outside the scope of this document?
>>
>>
>> Because that's exactly what the document says right now, and the IESG
>> won't let it pass as a result.
>>
>>
>> /a
>>
>
> _______________________________________________
> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
>
David R. Oran
Cisco Fellow
Cisco Systems
7 Ladyslipper Lane
Acton, MA 01720 USA
Tel: +1 978 264 2048
Email: oran@cisco.com
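
Added example, not part of the original message or of any draft discussed in the thread: a sketch of why a realm/username/password stored for the RLS is not limited to back-end subscriptions. It uses the legacy no-qop Digest computation from RFC 2617; the user, realm, password, nonce, URI and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # H(A1) from RFC 2617: the only secret input to every Digest response.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce):
    # The method and URI are public inputs; nothing here binds the secret to a purpose.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def authorization_header(ha1_hex, username, realm, method, uri, nonce):
    # Built by whoever holds the password or H(A1): the user, or an RLS given it.
    response = digest_response(ha1_hex, method, uri, nonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')

def server_accepts(user_db, method, header):
    # Back-end server check: recompute from its own stored H(A1) and compare.
    # Nonce freshness checks are omitted to keep the sketch short.
    f = dict(re.findall(r'(\w+)="([^"]*)"', header))
    stored = user_db.get((f.get("username"), f.get("realm")))
    if stored is None or not {"uri", "nonce", "response"} <= f.keys():
        return False
    expected = digest_response(stored, method, f["uri"], f["nonce"])
    return hmac.compare_digest(expected, f["response"])

def accepted_methods(holder_ha1, methods):
    # Constructed back-end account and request target.
    db = {("alice", "example.com"): ha1("alice", "example.com", "constructed-pw")}
    uri = "sip:bob@example.com"
    return [m for m in methods
            if server_accepts(db, m, authorization_header(
                holder_ha1, "alice", "example.com", m, uri, "constructed-nonce"))]

if __name__ == "__main__":
    # What an RLS could derive from a stored realm/username/password.
    rls_secret = ha1("alice", "example.com", "constructed-pw")
    print(accepted_methods(rls_secret, ["SUBSCRIBE", "INVITE", "REGISTER", "MESSAGE"]))
```

Storing only H(A1) instead of the password does not change the result, since H(A1) is all the computation needs for that realm.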

