Re: [tram] Two new authentication mechanisms

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 01 July 2014 05:52 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Oleg Moskalenko <mom040267@gmail.com>
Date: Tue, 01 Jul 2014 05:52:22 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A282E8B26@xmb-rcd-x10.cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/FVHaxipZuEIvTs9Hx-xGvQWWgxo
Cc: Simon Perreault <simon@per.reau.lt>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [tram] Two new authentication mechanisms

Hi Oleg,

Good question. 

1) Don't we still need realm in the third-party authorization?
Reply> No
2) Am I missing something? I was under the impression that we still have realms, together with the tokens.
Reply> The kid (unique key identifier) used in the draft solves the problem of the TURN server (resource server) interacting with different authorization servers (from different domains). At a high level it works as follows: the kid is returned by the authorization server and signaled by the client to the TURN server, and the TURN server uses the kid to pick the appropriate keying material.

Thanks and Regards,
-Tiru
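
An added sketch of the kid lookup described in the reply above; it is not part of the original message or of the draft. The token layout (an HMAC-SHA256 over kid and payload), the kid strings, the keys and the names `TURN_KEY_TABLE`, `issue_token` and `turn_verify` are assumptions made for illustration; the draft's actual token format is not shown in this thread.

```python
import hashlib
import hmac
import json

# Constructed keying material: each authorization server (possibly in a
# different domain) shares one key with the TURN server and gives the client
# the matching kid. Kid strings and key bytes are made up for this example.
TURN_KEY_TABLE = {
    "as1.example.com/k1": b"constructed-key-for-authorization-server-1",
    "as2.example.net/k7": b"constructed-key-for-authorization-server-2",
}


def _mac(key, kid, payload):
    # Assumption: the kid is bound into the MAC so it cannot be swapped.
    return hmac.new(key, kid.encode() + b"." + payload, hashlib.sha256).digest()


def issue_token(kid, key, claims):
    """Authorization-server side: return (kid, payload, mac) for the client."""
    payload = json.dumps(claims, sort_keys=True).encode()
    return kid, payload, _mac(key, kid, payload)


def turn_verify(kid, payload, mac, now, key_table=TURN_KEY_TABLE):
    """TURN-server side: pick the key by kid, then check MAC and lifetime.

    Returns the claims dict on success, or None when the kid is unknown,
    the MAC fails under the selected key, or the token has expired.
    """
    key = key_table.get(kid)
    if key is None:
        return None  # unknown kid: no key to try and no realm fallback
    if not hmac.compare_digest(_mac(key, kid, payload), mac):
        return None  # wrong issuer key, swapped kid, or modified payload
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None  # expired
    return claims


if __name__ == "__main__":
    kid = "as1.example.com/k1"
    token = issue_token(kid, TURN_KEY_TABLE[kid], {"exp": 2000, "sub": "alice"})
    print(turn_verify(*token, now=1000))
```
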

From: Oleg Moskalenko [mailto:mom040267@gmail.com] 
Sent: Tuesday, July 01, 2014 1:13 AM
To: Tirumaleswar Reddy (tireddy)
Cc: Simon Perreault; tram@ietf.org
Subject: Re: [tram] Two new authentication mechanisms

I agree that two drafts can be kept independently.
As for the ORIGIN attribute in the third-party authorization environment - don't we still need realm in the third-party authorization? Am I missing something? I was under the impression that we still have realms, together with the tokens.
Thanks
Oleg

On Mon, Jun 30, 2014 at 10:53 AM, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:
I support adoption of both drafts. I think there is no interaction required between these two drafts. For example, if third-party authorization is used, then the ORIGIN attribute could be used by the TURN server for logging purposes.

-Tiru

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Simon Perreault
> Sent: Friday, June 27, 2014 6:51 PM
> To: tram@ietf.org
> Subject: [tram] Two new authentication mechanisms
>
> TRAMsters,
>
> We are soliciting discussion on the potential adoption as working-group
> documents of these two drafts:
>
> http://tools.ietf.org/html/draft-johnston-tram-stun-origin
> http://tools.ietf.org/html/draft-reddy-tram-turn-third-party-authz
>
> They would be targeted at fulfilling milestone 4 ("Nov 2014 - Send new
> authentication mechanism(s) to IESG for publication as Proposed Standard").
>
> If you would like to see one or both of the drafts adopted, or if you are opposed,
> please explain why. Authors, we will assume you are for adoption of your own
> drafts.
>
> Please consider the interactions between the two drafts. Is there anything
> interesting or problematic? What about overlap in function? Is there any? If so,
> is it necessary or problematic?
>
> Let's take two weeks to discuss this.
>
> Thanks,
> Simon & Gonzalo
>
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram
