[stir] Realm Crossover + ENUM for security identity

Rick van Rein <rick@openfortress.nl> Mon, 17 October 2022 07:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/oOz64E2q5tzypEH-IPGBL0GxmYw>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

Hello STIR,

I discovered your WG while I was looking through the London agenda.
I have been working on authentication across domain names, and found
it straightforward to add ENUM support for phone numbers.

We mostly use SASL because it works in very many protocols, though
we also keep an eye open for Kerberos and X.509.  Each has its
pros and cons.

Some protocols can benefit from having SASL authentication added,
notably HTTP and SIP, so I wrote specifications for that.  The HTTP
variant is pretty mature and I am talking about it to HTTPbis, and
I recently wrote a SIP embedding for SASL based on the HTTP form.

I am wondering if this is of interest to STIR and, if so, if there
is anything I can do for you during the London IETF.  Let me know.

I will add relevant document references for your information.

Best,

Rick van Rein
InternetWide.org


   ----- 8< -------- 8< -------- 8< -------- 8< -------- 8< -----


draft-vanrein-internetwide-realm-crossover
	Documents the general idea of Realm Crossover with hints
	at technology.  Suitable as a shared introduction for our
	work, but it is not very technical.

draft-vanrein-diameter-sasl
	Mechanisms to support Realm Crossover in SASL.  No change
	to the application protocol, but an SXOVER-PLUS mechanism
	and realm crossing with Diameter.

draft-vanrein-httpauth-sasl
	Adds SASL authentication in the HTTP Authentication framework.

draft-vanrein-sipauth-sasl
	Adds SASL authentication to SIP, based on the HTTP extension.