RE: AW: [Sipping] FYI: RADIUS & SIP
Henry Sinnreich <Henry.Sinnreich@mci.com> Thu, 07 August 2003 17:33 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23465 for <sipping-archive@odin.ietf.org>; Thu, 7 Aug 2003 13:33:56 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19kodj-0000ws-3n for sipping-archive@odin.ietf.org; Thu, 07 Aug 2003 13:33:30 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h77HXRS9003640 for sipping-archive@odin.ietf.org; Thu, 7 Aug 2003 13:33:27 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19kodj-0000wd-05 for sipping-web-archive@optimus.ietf.org; Thu, 07 Aug 2003 13:33:27 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23251 for <sipping-web-archive@ietf.org>; Thu, 7 Aug 2003 13:33:18 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19kode-0000x2-00 for sipping-web-archive@ietf.org; Thu, 07 Aug 2003 13:33:22 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19kodY-0000we-00 for sipping-web-archive@ietf.org; Thu, 07 Aug 2003 13:33:16 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19kodP-0000jT-82; Thu, 07 Aug 2003 13:33:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19iC6i-0004aX-9k for sipping@optimus.ietf.org; Thu, 31 Jul 2003 08:00:32 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA21661 for <sipping@ietf.org>; Thu, 31 Jul 2003 08:00:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19iC6h-0002kt-00 for sipping@ietf.org; Thu, 31 Jul 2003 08:00:31 -0400
Received: from dgesmtp01.wcom.com ([199.249.16.16]) by ietf-mx with esmtp (Exim 4.12) id 19iC6g-0002kj-00 for sipping@ietf.org; Thu, 31 Jul 2003 08:00:30 -0400
Received: from dgismtp02.wcomnet.com ([166.38.58.142]) by firewall.wcom.com (Iplanet MTA 5.2) with ESMTP id <0HIW006L419KFE@firewall.wcom.com> for sipping@ietf.org; Thu, 31 Jul 2003 11:58:32 +0000 (GMT)
Received: from dgismtp02.wcomnet.com by dgismtp02.wcomnet.com (iPlanet Messaging Server 5.1 HotFix 0.7 (built May 7 2002)) with SMTP id <0HIW00G0119J51@dgismtp02.wcomnet.com>; Thu, 31 Jul 2003 11:58:32 +0000 (GMT)
Received: from hsinnreich2 ([166.50.135.133]) by dgismtp02.wcomnet.com (iPlanet Messaging Server 5.1 HotFix 0.7 (built May 7 2002)) with ESMTP id <0HIW00BI019I4L@dgismtp02.wcomnet.com>; Thu, 31 Jul 2003 11:58:32 +0000 (GMT)
Date: Thu, 31 Jul 2003 06:58:32 -0500
From: Henry Sinnreich <Henry.Sinnreich@mci.com>
Subject: RE: AW: [Sipping] FYI: RADIUS & SIP
In-reply-to: <5.2.0.9.2.20030730002949.043edc48@mail.inode.at>
To: 'Michael Haberler' <mah@eunet.at>, 'Jonathan Rosenberg' <jdrosen@dynamicsoft.com>, 'Bernard Aboba' <aboba@internaut.com>
Cc: "'Liess, Laura'" <Laura.Liess@t-systems.com>, hgs@cs.columbia.edu, sipping@ietf.org, "'Dumler, Alexander'" <Alexander.Dumler@telekom.de>, "'Wolff, Christian'" <Christian.Wolff@telekom.de>
Message-id: <0HIW00BI119I4L@dgismtp02.wcomnet.com>
Organization: WorldCom, Inc.
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Office Outlook, Build 11.0.5329
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Thread-index: AcNWu7fbAxn9xjDYRkKuntGu4hypsAAnYvdQ
Content-Transfer-Encoding: 7bit
Sender: sipping-admin@ietf.org
Errors-To: sipping-admin@ietf.org
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Id: SIPPING Working Group (applications of SIP) <sipping.ietf.org>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
I believe this is an excellent proposal! Though a firm believer in the supremacy of IETF technology, sometimes it makes sense to import innovation on to the Internet from other areas. The SIM card is certainly on top of the list for technologies where its creators had their act well together. Thanks, Henry Henry Sinnreich MCI 400 International Parkway Richardson, Texas 75081 USA Have you disconnected the PBX? > -----Original Message----- > From: sipping-admin@ietf.org [mailto:sipping-admin@ietf.org] > On Behalf Of Michael Haberler > Sent: Wednesday, July 30, 2003 11:55 AM > To: Jonathan Rosenberg; Bernard Aboba > Cc: Liess, Laura; hgs@cs.columbia.edu; sipping@ietf.org; > Dumler, Alexander; Wolff, Christian > Subject: Re: AW: [Sipping] FYI: RADIUS & SIP > > authenticating SIP users is very much like authenticating > mobile users in cellular networks, and the solution developed > for GSM - subscriber identity in a smart card - is IMV > somthing we would be well advised to carry over to SIP space. > > The utility of SIM cards has been recognized for > Internet-side authentication like EAP-SIM based WLAN roaming, > in particular as there is an existing billing an > authentication machinery which one can plug into from the > Internet side. However, SIM cards could also be used in a > strictly Internet-only service provider context as well. > Plus, SIM-based authentication could be used as a bootstrap > mechanism for X.509 certficate distribution and therefore for > TLS mutual authentication. > > There is a draft for SIP authentication with Authentication > and Key Agreement (AKA, > http://www.ietf.org/internet-drafts/draft-torvinen-http-digest > -aka-v2-00.txt > and predecessor) which adresses authentication with UMTS SIM > (USIM)cards. > These have superior security properties compared to plain SIM cards. > However, HTTP AKA cannot negotiate down to plain SIM > authentication, and very few operators use USIM cards, so if > we wait for USIM cards to be ubiquitious we might wait very long. > > Therefore, there is more pressing need for authentication > with plain GSM SIM cards (about 900 million cards out > there!), and there is currently no standard way of using > those at the SIP level - although at the WLAN level, this > has been adressed by EAP/SIM which gets around some of the > weaknessess of plain SIM authentication. However, the HTTP > EAP Digest draft apparently fell through, so we cannot > combine HTTP EAP and EAP/SIM. > > So the area of work I see a need for is retrofitting EAP/SIM > authentication flows into Digest authentication to create a > strong interoperable HTTP SIM authentication method, and > appropriate RADIUS support to back it up. Also, the RADIUS > support behind HTTP AKA needs fleshing out. > > my vision is to have both WLAN/LAN access and SIP > authenticated through the same SIM card. I see quite a market > potential for such a feature set. > > -Michael Haberler > > > > At 14:12 29.07.2003 -0400, Jonathan Rosenberg wrote: > > >I know of several carriers with RADIUS infrastructures that > want to use > >them to support SIP. They are currently using expired I-Ds and > >proprietary attributes. As a result, I would strongly > advocate work on > >standardizing RADIUS usage with SIP. > > > >There are two areas of work that I see a need for: > > > >1. Digest authentication. The sterman draft > >(http://www.freeradius.org/radiusd/doc/rfc/draft-sterman-aaa- > sip-00.txt > >) is used quite a bit, it seems. It would be nice to standardize on > >this. > > > >2. Prepaid calling. Many folks are using vendor proprietary radius > >extensiosn to support prepaid calling. It would be nice to > bring those > >forward and standardize on them. > > > >-Jonathan R. > > > >Bernard Aboba wrote: > > > >>Is there some particular set of draft(s) that you are > advocating work on? > >>On Fri, 18 Jul 2003, Liess, Laura wrote: > >> > >>>I think most carriers currently use some kind of RADIUS > platform to > >>>do user authentication and they would like to reuse it in > the future > >>>to authenticate their SIP customers. > >>>My colleagues who are responsible for the RADIUS Platform of the > >>>Deutsche Telekom (CC)are currently on vacation so I could > not check > >>>with them now about how to answer this mail, but we already talked > >>>about this issue a number of times and my strong opinion is that > >>>"yes, Deutsche Telekom cares a lot about SIP and RADIUS". > Reusing the > >>>existing RADIUS platform for SIP authentication is a strong > >>>requirement for the development of SIP services within the > Deutsche Telekom. > >>> > >>>Laura (T-Systems/Deutsche Telekom Group) > >> > >>_______________________________________________ > >>Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping > >>This list is for NEW development of the application of SIP Use > >>sip-implementors@cs.columbia.edu for questions on current sip Use > >>sip@ietf.org for new developments of core SIP > > > >-- > >Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > >Chief Technology Officer Parsippany, NJ 07054-2711 > >dynamicsoft > >jdrosen@dynamicsoft.com FAX: (973) 952-5050 > >http://www.jdrosen.net PHONE: (973) 952-5000 > >http://www.dynamicsoft.com > > > > > >_______________________________________________ > >Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping > >This list is for NEW development of the application of SIP Use > >sip-implementors@cs.columbia.edu for questions on current sip Use > >sip@ietf.org for new developments of core SIP > > > _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- AW: [Sipping] FYI: RADIUS & SIP Liess, Laura
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- Re: AW: [Sipping] FYI: RADIUS & SIP Jonathan Rosenberg
- Re: AW: [Sipping] FYI: RADIUS & SIP Michael Haberler
- RE: AW: [Sipping] FYI: RADIUS & SIP Beck01, Wolfgang
- RE: AW: [Sipping] FYI: RADIUS & SIP Michael Haberler
- RE: AW: [Sipping] FYI: RADIUS & SIP Beck01, Wolfgang
- Re: AW: [Sipping] FYI: RADIUS & SIP Henning Schulzrinne
- RE: AW: [Sipping] FYI: RADIUS & SIP Gunn, Janet
- Re: AW: [Sipping] FYI: RADIUS & SIP Henning Schulzrinne
- RE: AW: [Sipping] FYI: RADIUS & SIP Michael Haberler
- Re: AW: [Sipping] FYI: RADIUS & SIP Michael Haberler
- RE: AW: [Sipping] FYI: RADIUS & SIP Michael Haberler
- Re: AW: [Sipping] FYI: RADIUS & SIP Jiri Kuthan
- Re: AW: [Sipping] FYI: RADIUS & SIP Allison Mankin
- RE: AW: [Sipping] FYI: RADIUS & SIP john.loughney
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- Re: AW: [Sipping] FYI: RADIUS & SIP Jari Arkko
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- RE: AW: [Sipping] FYI: RADIUS & SIP Jill B Gemmill
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- AW: [Sipping] FYI: RADIUS & SIP Liess, Laura
- RE: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- RE: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- RE: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- Re: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- Re: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- Re: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- Re: AW: [Sipping] FYI: RADIUS & SIP Jari Arkko
- RE: AW: [Sipping] FYI: RADIUS & SIP Henry Sinnreich
- Re: AW: [Sipping] FYI: RADIUS & SIP Jonathan Rosenberg
- Re: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- Re: AW: [Sipping] FYI: RADIUS & SIP Bernard Aboba
- Re: [Sipping] FYI: RADIUS & SIP Jiri Kuthan
- Re: [Sipping] FYI: RADIUS & SIP L.Liess
- Re: [Sipping] FYI: RADIUS & SIP Jiri Kuthan