Re: [sipcore] SASL Authentication for SIP
Rick van Rein <rick@openfortress.nl> Wed, 19 October 2022 08:30 UTC
Hello,

I cannot really work out what the formal arrangements are for new authentication mechanisms in SIP. IANA lists a Security Mechanism Names registry, but it is dedicated to RFC 3329, a meta-protocol for negotiating what would be available between peers.

RFC 3261 is a bit informal when it says SIP provides a stateless, challenge-based mechanism for authentication that is based on authentication in HTTP. Does that mean that any mechanism defined for HTTP will automatically be permissible in SIP if peers agreed on it? Lacking a formal registry, that is what I would assume. Then, a specification like SIP-SASL that adds specifics for SIP could be an Independent proposal.

FWIW, the purpose of this work is to have an end-to-end mechanism for key derivation. This can be useful for private telephony, but my purpose for now is the setup of WireGuard sessions using SIP. The two seem to be a match made in heaven. Key derivation can yield a PSK that helps the VPN combat quantum computing.

Thanks,
-Rick