Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - consider splitting

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Thu, 02 August 2018 18:39 UTC

References: <CAF_j7yZxzdyX3NsfnmwJqrgVKeC3xGeLbiZ_z1rF9HyNAqwW_A@mail.gmail.com>
In-Reply-To: <CAF_j7yZxzdyX3NsfnmwJqrgVKeC3xGeLbiZ_z1rF9HyNAqwW_A@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Thu, 02 Aug 2018 14:40:07 -0400
Message-ID: <CAGL6epJjbGPiCXvmycgF8dfcLvC=4q2Q1HR0NMvTr0imKhyP1A@mail.gmail.com>
To: Yehoshua Gev <yoshigev@gmail.com>
Cc: SIPCORE <sipcore@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/jlYavT_DN1s73a2mbSzp-XZD__k>
Subject: Re: [sipcore] draft-ietf-sipcore-sip-authn-02 - consider splitting

Thanks Yehoshua,

I tend to agree with you, and I would be ok with splitting the document
into two.
It is up to the chairs and WG to make a decision on this.


*Chairs,*

Any thoughts about this?

Regards,
 Rifaat



On Wed, Aug 1, 2018 at 9:18 AM Yehoshua Gev <yoshigev@gmail.com> wrote:

> Hi,
>
> After some thought about how the various sections of the draft are intended
> to be used, I think you should consider splitting it into two drafts.
>
> The draft currently describes two separate mechanisms:
> 1. Section 2 is intended for a UA as a way to perform login by entering
> some sort of credentials.
>    After entering the credential, the SIP Proxy maintains a state for
> "remaining authenticated" with the Authorization Server.
>    Possibly, the UA uses a novel (not defined by the OAuth RFCs)
> shared-key mechanism for "remaining authenticated" with the SIP Proxy.
>    Part of the mechanism described in this section is similar to steps A &
> B of section 4 of RFC 6749 (OAuth).
>
> 2. Section 3 is intended for a UA which has means of obtaining an OAuth
> access token (e.g., a web application).
>    This section describes how to convey this access token over SIP
> messages.
>    It is almost completely equivalent to RFC 6750 (OAuth Bearer token)
> which does the same for HTTP.
>
> I think that each of those mechanisms deserves a separate draft, because:
> a. A UA will most probably implement only one of those mechanisms and not
> both.
>    (To say a UA/Proxy conforms to the draft - must both mechanisms be
> implemented?)
> b. The security considerations are different between them.
> c. They correspond to different OAuth RFCs.
> d. IMHO, the second mechanism is closer to being prepared for publication.
>
>
> Regards,
> Yehoshua
>
>
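The second mechanism Yehoshua describes (Section 3, conveying an access token over SIP the way RFC 6750 does for HTTP) is the part a proxy implementer has to get right defensively: parse the credential strictly, never leak why a token was rejected beyond the standard error code, and challenge cleanly when nothing usable is present. The following is an added example, not code from the draft or from either poster, of the proxy-side check. It assumes, as the note above suggests, that the SIP mechanism mirrors RFC 6750: the token travels in `Authorization: Bearer <token>` and a rejection is signalled with a 401 carrying `WWW-Authenticate: Bearer realm=..., error=...`. The `b64token` grammar and the `invalid_request` / `invalid_token` error codes are taken from RFC 6750 for HTTP; whether the draft adopts them unchanged is an assumption. The token table standing in for an introspection lookup, the SIP requests, and the clock value are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# RFC 6750 section 2.1 (HTTP):
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# Assumption: the SIP draft reuses this token syntax unchanged.
_B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")

# Constructed stand-in for what the proxy learns about a token (for example
# from an RFC 7662 introspection call or a local cache). Not from the draft.
SAMPLE_TOKENS: Dict[str, dict] = {
    "mF_9.B5f-4.1JqM": {"active": True, "sub": "alice", "exp": 1533240000},
    "expired.token.value": {"active": False},
}

# Constructed SIP requests used by the demo and the checks below.
REQ_OK = ("REGISTER sip:example.com SIP/2.0\r\n"
          "Via: SIP/2.0/TLS client.example.com;branch=z9hG4bK776\r\n"
          "Authorization: Bearer mF_9.B5f-4.1JqM\r\n\r\n")
REQ_NO_AUTH = "REGISTER sip:example.com SIP/2.0\r\nVia: SIP/2.0/TLS c;branch=z9hG4bK1\r\n\r\n"
REQ_DIGEST = "REGISTER sip:example.com SIP/2.0\r\nAuthorization: Digest username=\"bob\"\r\n\r\n"
REQ_MALFORMED = "REGISTER sip:example.com SIP/2.0\r\nAuthorization: Bearer abc def\r\n\r\n"
REQ_EXPIRED = "REGISTER sip:example.com SIP/2.0\r\nAuthorization: Bearer expired.token.value\r\n\r\n"


@dataclass
class Decision:
    status: int                  # SIP status the proxy should send: 200 or 401
    challenge: Optional[str]     # WWW-Authenticate value when status == 401
    subject: Optional[str] = None


def parse_sip_headers(raw: str) -> Dict[str, str]:
    """Split a SIP request (start-line plus headers) into a lower-cased header
    dict. Stops at the blank line; only what the authorization check needs."""
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def extract_bearer(headers: Dict[str, str]) -> Tuple[Optional[str], Optional[str]]:
    """Return (token, error). error is an RFC 6750 error code or None.
    A missing header yields (None, None): challenge without an error code,
    as RFC 6750 section 3.1 prescribes for requests carrying no credentials."""
    auth = headers.get("authorization")
    if auth is None:
        return None, None
    scheme, _, rest = auth.partition(" ")
    if scheme.lower() != "bearer":
        return None, "invalid_request"       # some other scheme, e.g. Digest
    token = rest.strip()
    if not _B64TOKEN.match(token):
        return None, "invalid_request"       # malformed token string
    return token, None


def authorize(raw_request: str, realm: str, now: int,
              tokens: Dict[str, dict] = SAMPLE_TOKENS) -> Decision:
    """Decide whether the proxy accepts the request. Unknown, inactive and
    expired tokens all collapse to the same invalid_token challenge so the
    response does not reveal which case applied."""
    token, err = extract_bearer(parse_sip_headers(raw_request))
    if err:
        return Decision(401, f'Bearer realm="{realm}", error="{err}"')
    if token is None:
        return Decision(401, f'Bearer realm="{realm}"')
    info = tokens.get(token)
    if not info or not info.get("active") or info.get("exp", 0) <= now:
        return Decision(401, f'Bearer realm="{realm}", error="invalid_token"')
    return Decision(200, None, subject=info["sub"])


if __name__ == "__main__":
    now = 1533235169  # constructed clock value, inside the sample token's lifetime
    for name, req in [("ok", REQ_OK), ("no-auth", REQ_NO_AUTH), ("digest", REQ_DIGEST),
                      ("malformed", REQ_MALFORMED), ("expired", REQ_EXPIRED)]:
        print(name, authorize(req, "example.com", now))
```

The single `invalid_token` path for unknown, revoked and expired tokens is deliberate: a proxy that distinguishes them in its challenge hands a probing client a free oracle over the token space, and RFC 6750 gives no separate code for those cases anyway.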