Re: [sipcore] No WebSocket level authentication scenario [was RE: I-D Action: draft-ietf-sipcore-sip-websocket-09.txt]

Saúl Ibarra Corretgé <saul@ag-projects.com> Wed, 19 June 2013 07:14 UTC

Return-Path: <saul@ag-projects.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABAEA21F9F80 for <sipcore@ietfa.amsl.com>; Wed, 19 Jun 2013 00:14:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.253
X-Spam-Level:
X-Spam-Status: No, score=-1.253 tagged_above=-999 required=5 tests=[AWL=0.435, BAYES_00=-2.599, HELO_MISMATCH_NET=0.611, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YU0BkD1fCNM2 for <sipcore@ietfa.amsl.com>; Wed, 19 Jun 2013 00:14:23 -0700 (PDT)
Received: from mail.sipthor.net (node06.dns-hosting.info [85.17.186.6]) by ietfa.amsl.com (Postfix) with ESMTP id E5BB921F9F82 for <sipcore@ietf.org>; Wed, 19 Jun 2013 00:14:19 -0700 (PDT)
Received: by mail.sipthor.net (Postfix, from userid 5001) id 7A466B35E1; Wed, 19 Jun 2013 09:14:17 +0200 (CEST)
Received: from imac.saghul.lan (ip3e830637.speed.planet.nl [62.131.6.55]) by mail.sipthor.net (Postfix) with ESMTPSA id 9F28CB017A; Wed, 19 Jun 2013 09:14:16 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="iso-8859-1"
From: Saúl Ibarra Corretgé <saul@ag-projects.com>
In-Reply-To: <CALiegfnQ8=R1PRbHwPSDjJ=jH+bBeiNqjU12yr8KmJvHWQg1Mg@mail.gmail.com>
Date: Wed, 19 Jun 2013 09:14:16 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <12FDD6C8-F172-4B3B-A83A-211CF553DA1A@ag-projects.com>
References: <20130613011708.18316.28106.idtracker@ietfa.amsl.com> <CALiegfkg-KU1bB01eLXuksZV1ehBY92uf+0+F3fQuha-WnOS1A@mail.gmail.com> <013c01ce6c4e$29e33c90$7da9b5b0$@co.in> <CALiegfnQ8=R1PRbHwPSDjJ=jH+bBeiNqjU12yr8KmJvHWQg1Mg@mail.gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
X-Mailer: Apple Mail (2.1085)
Cc: "SIPCORE (Session Initiation Protocol Core) WG" <sipcore@ietf.org>, Parthasarathi R <partha@parthasarathi.co.in>
Subject: Re: [sipcore] No WebSocket level authentication scenario [was RE: I-D Action: draft-ietf-sipcore-sip-websocket-09.txt]
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2013 07:14:29 -0000

Hi,

After reading those 2 paragraphs a few times I have a question about some corner case (below)

On Jun 19, 2013, at 12:04 AM, Iñaki Baz Castillo wrote:

> Right. I will modify it. Anyhow, I don't know if more changes are
> required in that "Authentication" section (due to pending issues in
> another mail thread).
> 
> Thanks a lot.
> 
> 2013/6/18 Parthasarathi R <partha@parthasarathi.co.in>:
>> Hi Inaki & all,
>> 
>> IIUC, The below text in Sec 7 of the draft:
>> 
>> "If no authentication is done at WebSocket level then SIP Digest
>>   authentication is required for every SIP request coming over the
>>   WebSocket connection."
>> 
>> has to be changed as Normative statement as follows:
>> 
>> "If no authentication is done at WebSocket level then SIP Digest
>>   authentication MUST be done for every SIP request coming over the
>>   WebSocket connection."
>> 
>> Please let me know in case I'm missing something.
>> 

Why is authentication a MUST? Lets assume that I'm using UDP and my proxy establishes a WS connection with a foreign domain's proxy because of NAPTR and my proxy supports acting as a WS client. It obviously won't be able to authenticate. If this scenario supposed to be covered?


Thanks,

--
Saúl Ibarra Corretgé
AG Projects