Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-02.txt

Roman Shpount <roman@telurix.com> Wed, 10 July 2019 23:10 UTC

In-Reply-To: <393C0E68-5D0F-4AB5-B839-424C239E84A9@edvina.net>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 10 Jul 2019 19:10:44 -0400
Message-ID: <CAD5OKxs2Ji9P3n3kDxCrdfMQmB-JeovYZcNuJHEGj5RjqWdkSA@mail.gmail.com>
To: "Olle E. Johansson" <oej@edvina.net>
Cc: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, "sipcore@ietf.org" <sipcore@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/9INbC3G6Ydrvo9VAt0D624k_Mk0>

On Wed, Jul 10, 2019 at 2:44 AM Olle E. Johansson <oej@edvina.net> wrote:

>
>
> On 10 Jul 2019, at 02:53, Roman Shpount <roman@telurix.com> wrote:
>
> On Tue, Jul 9, 2019 at 8:30 PM Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
> wrote:
>
>> The document clearly allows the use of access token to authenticate
>> non-REGISTER requests when challenged in the context of the same realm.
>>
>> Whether that is needed or not is a different discussion.
>> Assuming the UA was able to authenticate the user and obtain an access
>> token, then establish an authenticated TLS channel with the server, and
>> register the user; is there a need for further challenges from server?
>>
>> When the token expires, you certainly need a new token from the user.
> With SIP Outbound, we’re more connection oriented than before, so we should
> probably consider what the
> server does with the connection when a token expires (if it’s not already
> in the draft).
>
>
Keep in mind that the proxy responsible for SIP Outbound (or the WebSockets edge
proxy) and the registrar can be two different servers. The connection from the
end-user device to the SIP Outbound proxy can be unique, but the connection from
the edge proxy to the registrar can be reused for multiple clients. I am sure this
can be un-bundled and made to work, but it is not always trivial.

Best Regards,
_____________
Roman Shpount
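An added illustration of the point raised above, not code from the thread or from the draft: a toy registrar model in which a client's registration is bound to a bearer token with an expiry, and in which the upstream flow from the edge proxy to the registrar is shared by several clients. On token expiry the binding is dropped, but the flow is only closable when no other live binding still uses it. All names (Binding, Registrar, the flow ids and AoRs) are constructed for the example.

```python
# Added example (not from the thread or the draft): a toy model of the
# topology described in the message. Clients reach an edge proxy over their
# own connections; the edge proxy reaches the registrar over a flow that is
# shared by many clients. Each registration is bound to a bearer token with
# an expiry. When a token expires the registrar must drop that binding, but
# it may only close the upstream flow if no other binding still uses it.
from dataclasses import dataclass, field


@dataclass
class Binding:
    aor: str          # address-of-record, e.g. sip:alice@example.com
    flow_id: str      # connection (flow) the registration arrived on
    token_exp: int    # bearer token expiry as Unix time (constructed)


@dataclass
class Registrar:
    bindings: dict = field(default_factory=dict)   # aor -> Binding

    def register(self, aor, flow_id, token_exp):
        self.bindings[aor] = Binding(aor, flow_id, token_exp)

    def flows_in_use(self):
        return {b.flow_id for b in self.bindings.values()}

    def expire(self, now):
        """Drop bindings whose token has expired; return (dropped AoRs,
        flows that are now safe to close).

        A per-client direct connection closes with its token, while a
        multiplexed edge-proxy flow survives as long as any other client on
        it still holds a valid token.
        """
        expired = [b for b in self.bindings.values() if b.token_exp <= now]
        for b in expired:
            del self.bindings[b.aor]
        closable = sorted({b.flow_id for b in expired} - self.flows_in_use())
        return [b.aor for b in expired], closable


def demo():
    # Constructed scenario: alice and bob share the edge-proxy flow
    # "edge-proxy-1"; carol is directly connected on "direct-carol".
    r = Registrar()
    r.register("sip:alice@example.com", "edge-proxy-1", token_exp=1000)
    r.register("sip:bob@example.com", "edge-proxy-1", token_exp=2000)
    r.register("sip:carol@example.com", "direct-carol", token_exp=1000)
    # At now=1500 alice's and carol's tokens have expired; bob's has not.
    return r.expire(now=1500)
```

Running `demo()` drops alice and carol, but only carol's direct connection is reported closable: the shared edge-proxy flow stays up because bob still holds a valid token on it.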