Re: [sipcore] SASL Authentication for SIP

Brian Rosen <br@brianrosen.net> Fri, 14 October 2022 17:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/48is5DKgX3sIPtTRHGp_OpaFj-I>

You are correct, sipcore is not meeting in London.

Sipcore and asap are separate working groups and while they have many common members, if you only post to sipcore, some asap members will not get your message.

Are you planning on requesting dispatch for your document?

Brian


> On Oct 14, 2022, at 12:23 PM, Rick van Rein <rick@openfortress.nl> wrote:
> 
> Hello,
> 
> Please note the following specification for SASL authentication
> in SIP.  This serves as an alternative for Digest authentication.
> 
> The specification is based on our work on HTTP-SASL auth, and
> may be combined with the SXOVER-PLUS mechanism that can be used
> for Realm Crossover, that is, pass a client login attempt back
> to their own domain, using TLS, DNSSEC and DANE to validate
> that @domain.name part of the client identity.  Combined, this
> enables authentication across SIP domains that have never been
> in contact before.
> 
> Your feedback is kindly welcomed.  I am assuming that the ASAP
> group is present in SIPCORE, so that I should not cross-post.
> 
> You are not present in London, right?
> 
> Best,
> 
> Rick van Rein
> InternetWide.org
> 
> 
>    -----    -----    -----    -----    -----    -----    -----
> 
> 
> A new version of I-D, draft-vanrein-sipauth-sasl-01.txt
> has been successfully submitted by Rick van Rein and posted to the
> IETF repository.
> 
> Name:		draft-vanrein-sipauth-sasl
> Revision:	01
> Title:		SASL Authentication for SIP
> Document date:	2022-10-14
> Group:		Individual Submission
> Pages:		13
> URL:            https://www.ietf.org/archive/id/draft-vanrein-sipauth-sasl-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanrein-sipauth-sasl/
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-vanrein-sipauth-sasl
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-vanrein-sipauth-sasl-01
> 
> Abstract:
>   Many protocols benefit from "pluggable" authentication choice as a
>   result of SASL authentication.  In the Session Initiation Protocol,
>   the independent branch of HTTP Authentication has been elected.
>   Recent progress has been made in bringing SASL to HTTP, but SIP has
>   its own special considerations and needs its own embedding to gain
>   the flexibility of SASL.