Re: [sipcore] No WebSocket level authentication scenario [was RE: I-D Action: draft-ietf-sipcore-sip-websocket-09.txt]

Iñaki Baz Castillo <ibc@aliax.net> Wed, 19 June 2013 11:32 UTC

From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Wed, 19 Jun 2013 13:32:09 +0200
Message-ID: <CALiegfneR2MwFEgGnZVtNJUXbDv0Mw0uWK2RYOGi-euWvYpR1g@mail.gmail.com>
To: Saúl Ibarra Corretgé <saul@ag-projects.com>
Cc: "SIPCORE (Session Initiation Protocol Core) WG" <sipcore@ietf.org>, Parthasarathi R <partha@parthasarathi.co.in>
Subject: Re: [sipcore] No WebSocket level authentication scenario [was RE: I-D Action: draft-ietf-sipcore-sip-websocket-09.txt]

2013/6/19 Saúl Ibarra Corretgé <saul@ag-projects.com>:
> Why is authentication a MUST? Let's assume that I'm using UDP and my proxy establishes a WS connection with a foreign domain's proxy because of NAPTR and my proxy supports acting as a WS client. It obviously won't be able to authenticate. Is this scenario supposed to be covered?

Honestly, I agree. I cannot find in RFC 3261 (or other RFCs) a
normative statement mandating authentication, regardless of whether
the request comes from a UA.

In another thread we are discussing MTI authentication
mechanisms that must be implemented by SIP WS Clients and Servers.
IMHO that is correct, but mandating SIP authentication or WWW
authentication for ALL the scenarios seems inappropriate to me. I come
back to a use case:

A website (a shop) offers a widget in which the visitor can click and
make a SIP call (+WebRTC) that will end in the call center of the
company, answered by an agent that will inform the user about the
product he is interested in. Why do we require WWW or SIP
authentication in this scenario?

If the WG agrees with this, I will remove the normative statements in
the "Authentication" section, and instead address the MTI authentication
mechanisms.


--
Iñaki Baz Castillo
<ibc@aliax.net>