Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-02.txt

Roman Shpount <roman@telurix.com> Tue, 09 July 2019 23:27 UTC

To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "sipcore@ietf.org" <sipcore@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/xcWe1lrKGLCeKYgW0UjLkft3r2Q>

On Tue, Jul 9, 2019 at 7:17 PM Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
wrote:

>> Can you provide a real life example of confidential UA using OAuth for
>> registration only and not generating calls or sending any messages in
>> dialog (or using different authentication method for these actions)?
>>
>
> What? Why do you think that is the case?
> How did you get to the conclusion that the UA will not be able to make a
> call?
>
>
Quoting Christer:

As far as I know, OAuth for SIP has only been used for REGISTER requests,
between the UA and the registrar. I have never heard about anyone using it
for non-REGISTER authentication, and I wonder whether we even need to cover
it in the draft.


So, I am trying to understand the use case where:

1. UA is confidential
2. OAuth is used for registration only
3. Other messages are not sent or a different authentication method is used
for them, i.e. calls and in-dialog messages are not initiated or are initiated
using a different authentication method.

So far, I cannot figure out what this is.

Best Regards,
_____________
Roman Shpount