Re: [sipcore] Draft new version: draft-ietf-sipcore-sip-token-authnz-14 (was: Benjamin Kaduk's Discuss on draft-ietf-sipcore-sip-token-authnz-13) - the pull request
Christer Holmberg <christer.holmberg@ericsson.com> Mon, 04 May 2020 08:13 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5F463A0101 for <sipcore@ietfa.amsl.com>; Mon, 4 May 2020 01:13:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w5PEOGKDlIFc for <sipcore@ietfa.amsl.com>; Mon, 4 May 2020 01:13:38 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80058.outbound.protection.outlook.com [40.107.8.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF2EF3A005F for <sipcore@ietf.org>; Mon, 4 May 2020 01:13:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c6zCNAjR1jsq/fcu5YZZe8qHbL2Hwku4bkh0U+kBi6qWQ54oDmqO862JzEBvDCU+zi6WGObHLjMlOKoWXRIusQ67LX15+gapXR8k4T9GQGmLyBYU/IvqZEV/htBXtT0fTZeV2vK0b0ou7KniJLpJop/KGcluCkxb17eX31hP7CDEgXHDXLBHdcRDEE0r9v+WuWiPN9xtdUuhlEhQhbzsS6IeHErxdXsZPZ2BEUa0buVW8FfKSPYI+btxy1N9OUY6qEYcL6BCxsw2Lre0zCxFHe0i4L/sxHcgPSrT+VXtBx8VtB9FOHFcRKBAlTfmCXjChctRNRi8arNP00g5ludsBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jz2x7RsNp4SdbU/Wo+lLuegTdfTHF45+sO3NTmPm+C4=; b=VdKIp8nmLyN9i42esHKqWZo83Paf4uhA9+KPrNJUgiRECjHdIGxo+1s6NqSn91iFVh5MVYR5rhfrAd8PyzajZb/prxYF+L/I2oFNBxQU1do+Z315yAqBysQT4d/9AjH/6t43sFMC8i3LnDD/edUn2XvMUfAYX75BWoXy50g0xxoq4hCH9ATTPdSbh86y9e9yoJW5PyULM5qNHdv8uucAMrl2Z40r82TCOeYd0YTrbVycniyqeqHk7kUrsmS4SxBebRDHmv6j2nLtFnLZNw1M2LWL4IXLsdkUec11tRhM+Cb64TPd7vJCxU3mE2P1LD0ztTjU7PJO4ZfoYRJOhHWIqA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jz2x7RsNp4SdbU/Wo+lLuegTdfTHF45+sO3NTmPm+C4=; b=pE+l/FA2D/R/8/+bC8yiOo0neiRWrCo0w0BK8pJp9QV+kLtoaLFkraQJzfSjuS/gOnp7JsK7rjUqcOlarO4mTgvYZh0OENwwh6NFmmHDju2CiihXhNZdv4JbWFCAOYAxL7ADopbO7ZkkLeP/+857Dw5fW1eBh/TYLC5Wh6PzMVY=
Received: from AM7PR07MB7012.eurprd07.prod.outlook.com (2603:10a6:20b:1bc::19) by AM7PR07MB7011.eurprd07.prod.outlook.com (2603:10a6:20b:1b3::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.18; Mon, 4 May 2020 08:13:34 +0000
Received: from AM7PR07MB7012.eurprd07.prod.outlook.com ([fe80::4c:e502:13cf:87a8]) by AM7PR07MB7012.eurprd07.prod.outlook.com ([fe80::4c:e502:13cf:87a8%4]) with mapi id 15.20.2979.024; Mon, 4 May 2020 08:13:34 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Christer Holmberg <christer.holmberg=40ericsson.com@dmarc.ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>, "sipcore@ietf.org" <sipcore@ietf.org>
Thread-Topic: [sipcore] Draft new version: draft-ietf-sipcore-sip-token-authnz-14 (was: Benjamin Kaduk's Discuss on draft-ietf-sipcore-sip-token-authnz-13) - the pull request
Thread-Index: AQHWIevn9I+qhLfMvUOgm/JewsP9Pg==
Date: Mon, 04 May 2020 08:13:34 +0000
Message-ID: <B22F34F4-F264-4FB5-AF95-3AEAF54D94A9@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [188.127.223.154]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a28a349b-f62c-47aa-c168-08d7f0030a2a
x-ms-traffictypediagnostic: AM7PR07MB7011:
x-microsoft-antispam-prvs: <AM7PR07MB7011FC5B0324699CBA053B5D93A60@AM7PR07MB7011.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:5797;
x-forefront-prvs: 03932714EB
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4/bmE9IQMxBhCegCw7UvDiyXyw7xljHFxC7iKhbfiF+8VPfeKnhxiE3usve2HCQ1OakREwrWC6UYW6zzfL5JE1VtDp0WFQ1YP/JxW9FpJPjlv7mLvme5mu2uKOtbEwpsQCcfrWaOyubcPBFnQwFoEhAa2BvWoCxdNSQW2dRenxL2Qzf6vmPXCa0vKDhOz1zFitTXqrmzIud6W9ReFoPPpxKKdjrV1+IMqUDovB1HAi4mdjt6WXQom9tEN8pY10yqINewK70f//a5Qf1GzjE/CRckMhL6/SnxBcs2/eI0bDxn3bXTsbU1fQwVHB2KTqqvQ4CDx3NIU5ogYVDOoJUXSTET4HmmP7thz3h4Cch4MQyta8XV5nXsCMkFldgpBXCkgqsE3G5LlGpn9l4S+8pkkXFe+SAJFiCtx4yd2GDIrhcX4iqZQV8upAN34akNgmT79XDrJoGvVZi94PimGCZVLf+yZOfTMm91igt5A6FACi2W69HjEPURsSeqQucmcbE9LtY2Kln9eNNdxHEoq6i2GA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB7012.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(396003)(39860400002)(376002)(366004)(346002)(966005)(8936002)(8676002)(5660300002)(66946007)(66446008)(316002)(2906002)(44832011)(110136005)(76116006)(64756008)(66556008)(66476007)(53546011)(86362001)(6506007)(36756003)(71200400001)(2616005)(6486002)(186003)(33656002)(6512007)(26005)(478600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: XPUNRWgxZZbkc6ndNNFaxZz9GYuaAiH/R+oQiSZcM9rJuHQPbIxExiOYAfGoV9k07Bj6SJthMqP55hsI1UTTqn85Q5rmJXH0xAquZ8/I+xjVj6aqCnbQPlKjwMpv0C5CboA5UVkB5YVZlGCT3DpI/885QSxKIWnQjpDIWPQBeeFVc2kypze0WirYR9M0t5aQL+1WXxs1Vt5hrdHKh3NicyQBil1PWqv99CgOFJiSECzfEIJRQCmdRcm6Q6XbwswQDlnA5SWRg7gxw4B52UQOWJFwkc4nICk2Nk0OlTV8rmExxUEQQG0vCgYdKq3khLvEVNxKVxid3QbS5NZ75zA5BTYmsCwP5n4Uuz3YiEnDc9/A5Ovc9LzzaQSaWwMwvIKaNw7GBBJH0tZXC5wFpulIZON4Sogugfr57wpySzwIKAqo8NI5+pG/pVdjNw1zGMMDMfGtlUW2PWyxImm7wLvpy4sq8LGzmK4V+5DWUfmGi1NiMbh2IYNiMNN/Jm5uTD4+7VSwUxXZWJM1RcSk/ixSniJrWb34dtyAEyuaRIdVAb0thAPSuUlR2pkhZV6EcG5RVrKiRir+uxxWSCDmKgTLbyiCsIRcWLH7Xc1J0pZisMVA8Se2IiXOM8MTePDpgc/mXvOBiT1nok4NNJX2rWyBZ6tLnKCWy/XNwFARHvmp8NNe6QfkLpCJUhVRxMdXL2r65/XNZ6C0LZqBGZ4pXw7ucgNW+wiZyARd1D/SNQfSu5Xtv+vmaJ2M0xew2WX4tC6KLMNeWr3OmEcEv7ISq5YJhQ8Q2ZHCwbfel/DEtWRwjXYNwQJdoIRQHq9oKdc4sPMG
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <44E9EA0E0157C243BE66404AE99AC236@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a28a349b-f62c-47aa-c168-08d7f0030a2a
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2020 08:13:34.1868 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wHPMdEADgtWlXgVe2ej43Vg1wTtVvqmvCJxRuJejzkIxGp9kLpLDnU7mb10VKHH3Abf1fmf0npTGcHDEoZUe+dtIxh2K0t5fb0I6PfqJOE8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB7011
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/Qc73F1z2GXBI9Qf9HGoLRbGlIcI>
Subject: Re: [sipcore] Draft new version: draft-ietf-sipcore-sip-token-authnz-14 (was: Benjamin Kaduk's Discuss on draft-ietf-sipcore-sip-token-authnz-13) - the pull request
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 08:13:40 -0000
Hi, I created a pull request based on Paul's comments: https://github.com/rifaat-ietf/draft-ietf-sipcore-sip-token-authnz/pull/8 Regards, Christer On 02/05/2020, 16.47, "sipcore on behalf of Christer Holmberg" <sipcore-bounces@ietf.org on behalf of christer.holmberg=40ericsson.com@dmarc.ietf.org> wrote: Hi Paul, > * In section 2.1.1 the edit to the 3rd paragraph has some mis-edits: > > In "the UAC uses it to to request", s/to to/to/ > > In "before the currently used access token expires token", s/expires > token/expires/ > > * In section 2.1.2 some more mis-editing: s/makes have use of/makes use of/ Will fix everything above. > * Section 2.1.2 also says "TLS can still be used for protecting traffic > between SIP endpoints and the AS." This is only true if there is a > direct TLS connection between the endpoint and the AS. How can that be > assured? > > Isn't the general point that TLS can be used to secure the content if > the connection is direct between the UAC and the UAS? (But I don't know > how you can assure that other than by knowledge about the network > architecture in which the UAC is operating. Note that the traffic between the SIP endpoints and the AS uses HTTPS (perhaps that could be clarified), which uses TLS. > I didn't notice any other issues. Thanks for all your comments and feedback! Regards, Christer On 4/30/20 8:08 AM, Christer Holmberg wrote: > Hi, > > Based on the IESG reviews, we have submitted a new version (-14) of draft-ietf-sipcore-sip-token-authnz. > > We believe and hope that all issues raised in the IESG reviews have been addressed, but please take a look. > > A big Thank You for all the comments and suggestions! :) > > Regards, > > Christer > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > _______________________________________________ sipcore mailing list sipcore@ietf.org https://www.ietf.org/mailman/listinfo/sipcore _______________________________________________ sipcore mailing list sipcore@ietf.org https://www.ietf.org/mailman/listinfo/sipcore
- Re: [sipcore] Draft new version: draft-ietf-sipco… Christer Holmberg