Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-02.txt

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 09 July 2019 20:00 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>
CC: Paul Kyzivat <pkyzivat@alum.mit.edu>, "sipcore@ietf.org" <sipcore@ietf.org>
Date: Tue, 09 Jul 2019 20:00:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/UcXAg-jj7DE-cxqw_7pzddZJ0tI>

Hi,

>>>> As far as I know, OAuth for SIP has only been used for REGISTER requests, between the UA and the registrar.
>>>> I have never heard about anyone using it for non-REGISTER authentication, and I wonder whether we even need
>>>> to cover it in the draft. We could limit the scope to REGISTER requests. Then, if anyone ever needs OAuth for non-REGISTER requests, a separate draft can be written.
>>> 
>>> Really? Normally, for a secure solution, every SIP request, including requests sent by the UA in a dialog established from the
>>> server to the registered end point, must be authenticated. OAuth for REGISTER requests only is kind of useless since it
>>> does not allow the UA to send any messages to the server without some additional authentication mechanism.
>>
>> Not sure what you mean by "secure solution", but UAs can still use SIP Digest authentication.
>>
>> What I am saying is that the only use case for SIP OAuth I am aware of is REGISTER.
>
> How do they get these SIP Digest credentials?
>
> I am looking at a very simple SIP-Over-Websockets client scenario:
>
> User logs into the web site, which uses OAuth. The UA, running in the browser, gets a token which is used to register the UA with a SIP proxy.

Wouldn't you use OAuth to establish the WebSocket connection?

> What credentials is the UA using to place a call (send INVITE to the proxy)?
> If a call comes in from the proxy to the UA, what credentials is the UA using to hang up the call (send BYE message)?

If the registry and the call handling are part of the same service, I guess you could use the same credentials, assuming 3261 generally allows using the same credentials for registrations and calls.

Regards,

Christer
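An added illustration of the scoping question discussed above (not code from the draft or from anyone in the thread): a toy proxy-side check in Python, assuming the Bearer scheme in the SIP Authorization header. The token format, SECRET and proxy.example.com are constructed stand-ins; with register_only=True the Bearer token is honoured on REGISTER only, so INVITE and in-dialog BYE are challenged.

```python
import base64
import hmac

SECRET = b"demo-issuer-key"  # constructed key shared by token issuer and SIP proxy (assumption)

def issue_token(user: str, exp: int) -> str:
    # Constructed opaque token: urlsafe-b64(user|exp).hmac-tag; stands in for whatever the OAuth server issues
    payload = f"{user}|{exp}".encode()
    tag = hmac.new(SECRET, payload, "sha256").hexdigest()[:16]
    return base64.urlsafe_b64encode(payload).decode() + "." + tag

def verify_token(token: str, now: int):
    # Return the user if the tag is valid and the token has not expired, else None
    try:
        b64, tag = token.split(".", 1)
        payload = base64.urlsafe_b64decode(b64)
        user, exp = payload.decode().split("|")
        exp = int(exp)
    except ValueError:  # malformed base64, bad split, non-UTF-8 or non-integer expiry
        return None
    expected = hmac.new(SECRET, payload, "sha256").hexdigest()[:16]
    return user if hmac.compare_digest(expected, tag) and exp > now else None

def parse_request(raw: str):
    # Minimal SIP parse: method from the request line, headers up to the blank line
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0], headers

def authorize(raw: str, now: int, register_only: bool):
    # Proxy-side check; register_only=True is the REGISTER-only scope, so INVITE/BYE are challenged
    method, headers = parse_request(raw)
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not cred.strip():
        return False, "401 no Bearer credentials"
    if register_only and method != "REGISTER":
        return False, f"401 Bearer not accepted for {method}"
    user = verify_token(cred.strip(), now)
    if user is None:
        return False, "401 invalid or expired token"
    return True, f"accepted {user} for {method}"

def build_request(method: str, token: str) -> str:
    # Constructed minimal SIP request carrying the token in the Authorization header
    return f"{method} sip:proxy.example.com SIP/2.0\r\nAuthorization: Bearer {token}\r\n\r\n"
```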