Re: AW: [Sipping] FYI: RADIUS & SIP
Michael Haberler <mah@eunet.at> Wed, 30 July 2003 16:58 UTC
Date: Wed, 30 Jul 2003 18:55:02 +0200
To: Jonathan Rosenberg <jdrosen@dynamicsoft.com>, Bernard Aboba <aboba@internaut.com>
From: Michael Haberler <mah@eunet.at>
Subject: Re: AW: [Sipping] FYI: RADIUS & SIP
Cc: "Liess, Laura" <Laura.Liess@t-systems.com>, hgs@cs.columbia.edu, sipping@ietf.org, "Dumler, Alexander" <Alexander.Dumler@telekom.de>, "Wolff, Christian" <Christian.Wolff@telekom.de>
Authenticating SIP users is very much like authenticating mobile users in cellular networks, and the solution developed for GSM - subscriber identity in a smart card - is IMV something we would be well advised to carry over to SIP space.

The utility of SIM cards has been recognized for Internet-side authentication like EAP-SIM based WLAN roaming, in particular as there is an existing billing and authentication machinery which one can plug into from the Internet side. However, SIM cards could also be used in a strictly Internet-only service provider context as well. Plus, SIM-based authentication could be used as a bootstrap mechanism for X.509 certificate distribution and therefore for TLS mutual authentication.

There is a draft for SIP authentication with Authentication and Key Agreement (AKA, http://www.ietf.org/internet-drafts/draft-torvinen-http-digest-aka-v2-00.txt and predecessor) which addresses authentication with UMTS SIM (USIM) cards. These have superior security properties compared to plain SIM cards.

However, HTTP AKA cannot negotiate down to plain SIM authentication, and very few operators use USIM cards, so if we wait for USIM cards to be ubiquitous we might wait very long. Therefore, there is more pressing need for authentication with plain GSM SIM cards (about 900 million cards out there!), and there is currently no standard way of using those at the SIP level - although at the WLAN level, this has been addressed by EAP/SIM which gets around some of the weaknesses of plain SIM authentication. However, the HTTP EAP Digest draft apparently fell through, so we cannot combine HTTP EAP and EAP/SIM.

So the area of work I see a need for is retrofitting EAP/SIM authentication flows into Digest authentication to create a strong interoperable HTTP SIM authentication method, and appropriate RADIUS support to back it up. Also, the RADIUS support behind HTTP AKA needs fleshing out.

My vision is to have both WLAN/LAN access and SIP authenticated through the same SIM card. I see quite a market potential for such a feature set.

-Michael Haberler

At 14:12 29.07.2003 -0400, Jonathan Rosenberg wrote:
>I know of several carriers with RADIUS infrastructures that want to use
>them to support SIP. They are currently using expired I-Ds and proprietary
>attributes. As a result, I would strongly advocate work on standardizing
>RADIUS usage with SIP.
>
>There are two areas of work that I see a need for:
>
>1. Digest authentication. The sterman draft
>(http://www.freeradius.org/radiusd/doc/rfc/draft-sterman-aaa-sip-00.txt)
>is used quite a bit, it seems. It would be nice to standardize on this.
>
>2. Prepaid calling. Many folks are using vendor proprietary radius
>extensions to support prepaid calling. It would be nice to bring
>those forward and standardize on them.
>
>-Jonathan R.
>
>Bernard Aboba wrote:
>
>>Is there some particular set of draft(s) that you are advocating work on?
>>On Fri, 18 Jul 2003, Liess, Laura wrote:
>>
>>>I think most carriers currently use some kind of RADIUS platform to do
>>>user authentication and they would like to reuse it in the future to
>>>authenticate their SIP customers.
>>>My colleagues who are responsible for the RADIUS Platform of the
>>>Deutsche Telekom (CC) are currently on vacation so I could not check with
>>>them now about how to answer this mail, but we already talked about this
>>>issue a number of times and my strong opinion is that "yes, Deutsche
>>>Telekom cares a lot about SIP and RADIUS". Reusing the existing RADIUS
>>>platform for SIP authentication is a strong requirement for the
>>>development of SIP services within the Deutsche Telekom.
>>>
>>>Laura (T-Systems/Deutsche Telekom Group)
>>
>>_______________________________________________
>>Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping
>>This list is for NEW development of the application of SIP
>>Use sip-implementors@cs.columbia.edu for questions on current sip
>>Use sip@ietf.org for new developments of core SIP
>
>--
>Jonathan D. Rosenberg, Ph.D.   600 Lanidex Plaza
>Chief Technology Officer       Parsippany, NJ 07054-2711
>dynamicsoft
>jdrosen@dynamicsoft.com        FAX: (973) 952-5050
>http://www.jdrosen.net         PHONE: (973) 952-5000
>http://www.dynamicsoft.com