[sipcore] SASL Authentication for SIP
Rick van Rein <rick@openfortress.nl> Fri, 14 October 2022 16:24 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/rT1CxwZKZoPIS1fczYDNN7WORtA>

Hello,

Please note the following specification for SASL authentication in SIP. This serves as an alternative for Digest authentication.

The specification is based on our work on HTTP-SASL auth, and may be combined with the SXOVER-PLUS mechanism that can be used for Realm Crossover, that is, pass a client login attempt back to their own domain, using TLS, DNSSEC and DANE to validate that @domain.name part of the client identity. Combined, this enables authentication across SIP domains that have never been in contact before.

Your feedback is kindly welcomed.

I am assuming that the ASAP group is present in SIPCORE, so that I should not cross-post. You are not present in London, right?

Best,

Rick van Rein
InternetWide.org

----- ----- ----- ----- ----- ----- -----

A new version of I-D, draft-vanrein-sipauth-sasl-01.txt has been successfully submitted by Rick van Rein and posted to the IETF repository.

Name: draft-vanrein-sipauth-sasl
Revision: 01
Title: SASL Authentication for SIP
Document date: 2022-10-14
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-vanrein-sipauth-sasl-01.txt
Status: https://datatracker.ietf.org/doc/draft-vanrein-sipauth-sasl/
Htmlized: https://datatracker.ietf.org/doc/html/draft-vanrein-sipauth-sasl
Diff: https://www.ietf.org/rfcdiff?url2=draft-vanrein-sipauth-sasl-01

Abstract:
Many protocols benefit from "pluggable" authentication choice as a result of SASL authentication. In the Session Initiation Protocol, the independent branch of HTTP Authentication has been elected. Recent progress has been made in bringing SASL to HTTP, but SIP has its own special considerations and needs its own embedding to gain the flexibility of SASL.