Re: [tram] Two new authentication mechanisms
Oleg Moskalenko <mom040267@gmail.com> Tue, 01 July 2014 06:22 UTC
Return-Path: <mom040267@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F48C1B279B for <tram@ietfa.amsl.com>; Mon, 30 Jun 2014 23:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sNbujgdSlSj5 for <tram@ietfa.amsl.com>; Mon, 30 Jun 2014 23:22:35 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9DA51B27BD for <tram@ietf.org>; Mon, 30 Jun 2014 23:22:29 -0700 (PDT)
Received: by mail-wi0-f176.google.com with SMTP id n3so7140363wiv.3 for <tram@ietf.org>; Mon, 30 Jun 2014 23:22:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=LhnfyeP1xDtVMrxFW0P/WaT0X/oh0df3LsnV6pHRyCg=; b=O7CF4RD6B9msKP4/5lrS3SeAEaELG7mW7awyIk/cFVD2dJHI54jat/IgmE4AvNEs9y FkYUKT91k20RnsBeon4NMAi0zZOoj1m+cOeho6F4zH809CYCgkhUtftsBSfVzJcKWbi4 DtAMabTA1yvnhulqSB8+YZFQM5zEJPOvW00DFRhILJ9M30UAUV+/UUAJMR1AI8Cbmp2h hmafIkML5cJU91vhDP3DUNX2Befo3BQyTG8OiE6yuIuoB1JQvWa0j7Vp2tSBdu/cpZkv 8Elx4nr2TbrOJ2g9TqcmhK2yrGmSDymGW6P7f4uaU7xVx93UvMY9odsPdyYJOvCV2TOZ umlQ==
MIME-Version: 1.0
X-Received: by 10.180.101.39 with SMTP id fd7mr33773971wib.65.1404195748619; Mon, 30 Jun 2014 23:22:28 -0700 (PDT)
Received: by 10.194.120.71 with HTTP; Mon, 30 Jun 2014 23:22:28 -0700 (PDT)
In-Reply-To: <913383AAA69FF945B8F946018B75898A282E8B26@xmb-rcd-x10.cisco.com>
References: <913383AAA69FF945B8F946018B75898A282E8B26@xmb-rcd-x10.cisco.com>
Date: Mon, 30 Jun 2014 23:22:28 -0700
Message-ID: <CALDtMrLsRbvVBdwk3Lo9hAhaqv_=sX913suM-Qt2aadj14E3UQ@mail.gmail.com>
From: Oleg Moskalenko <mom040267@gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Content-Type: multipart/alternative; boundary="f46d041825d2caadc104fd1bcc70"
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/h_O2tNPTUztNPJRjH4XMKPylEnE
Cc: Simon Perreault <simon@per.reau.lt>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [tram] Two new authentication mechanisms
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2014 06:22:36 -0000
OK... thanks for the explanation. Kid is a sort of "realm"... That's cool. Regards, Oleg On Mon, Jun 30, 2014 at 10:52 PM, Tirumaleswar Reddy (tireddy) < tireddy@cisco.com> wrote: > Hi Oleg, > > Good question. > > 1) Don't we still need realm in the third-party authorization ? > Reply> No > 2) Am I missing something ? I was under impression that we still have > realms, together with the tokens. > Reply> The kid (unique key identifier) used in the draft solves the > problem of TURN server (resource server) to interact with different > authorization servers (from different domains); At high-level it works as > follows, kid is returned by the authorization server which is signaled by > the client to the TURN server, TURN server uses kid to pick the appropriate > keying material. > > Thanks and Regards, > -Tiru > > From: Oleg Moskalenko [mailto:mom040267@gmail.com] > Sent: Tuesday, July 01, 2014 1:13 AM > To: Tirumaleswar Reddy (tireddy) > Cc: Simon Perreault; tram@ietf.org > Subject: Re: [tram] Two new authentication mechanisms > > I agree that two drafts can be kept independently. > As for the ORIGIN attribute in the third-party authorization environment - > don't we still need realm in the third-party authorization ? Am I missing > something ? I was under impression that we still have realms, together with > the tokens. > Thanks > Oleg > > On Mon, Jun 30, 2014 at 10:53 AM, Tirumaleswar Reddy (tireddy) < > tireddy@cisco.com> wrote: > I support adoption of both drafts. I think there is no interaction > required between these two drafts. For example If third party authorization > is used then ORIGIN attribute could be used by the TURN server for logging > purpose. > > -Tiru > > > -----Original Message----- > > From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Simon Perreault > > Sent: Friday, June 27, 2014 6:51 PM > > To: tram@ietf.org > > Subject: [tram] Two new authentication mechanisms > > > > TRAMsters, > > > > We are soliciting discussion on the potential adoption as working-group > > documents of these two drafts: > > > > http://tools.ietf.org/html/draft-johnston-tram-stun-origin > > http://tools.ietf.org/html/draft-reddy-tram-turn-third-party-authz > > > > They would be targeted at fulfilling milestone 4 ("Nov 2014 - Send new > > authentication mechanism(s) to IESG for publication as Proposed > Standard"). > > > > If you would like to see one or both of the drafts adopted, or if you > are opposed, > > please explain why. Authors, we will assume you are for adoption of your > own > > drafts. > > > > Please consider the interactions between the two drafts. Is there > anything > > interesting or problematic? What about overlap in function? Is there > any? If so, > > is it necessary or problematic? > > > > Let's take two weeks to discuss this. > > > > Thanks, > > Simon & Gonzalo > > > > _______________________________________________ > > tram mailing list > > tram@ietf.org > > https://www.ietf.org/mailman/listinfo/tram > > _______________________________________________ > tram mailing list > tram@ietf.org > https://www.ietf.org/mailman/listinfo/tram > >
- [tram] Two new authentication mechanisms Simon Perreault
- Re: [tram] Two new authentication mechanisms Yoakum, John H (John)
- Re: [tram] Two new authentication mechanisms Tirumaleswar Reddy (tireddy)
- Re: [tram] Two new authentication mechanisms Alan Johnston
- Re: [tram] Two new authentication mechanisms Gonzalo Salgueiro (gsalguei)
- Re: [tram] Two new authentication mechanisms Oleg Moskalenko
- Re: [tram] Two new authentication mechanisms Tirumaleswar Reddy (tireddy)
- Re: [tram] Two new authentication mechanisms Oleg Moskalenko
- Re: [tram] Two new authentication mechanisms Ram Mohan R (rmohanr)
- Re: [tram] Two new authentication mechanisms Anca Zamfir (ancaz)
- Re: [tram] Two new authentication mechanisms Oleg Moskalenko
- Re: [tram] Two new authentication mechanisms Pal Martinsen (palmarti)
- Re: [tram] Two new authentication mechanisms Muthu Arul
- Re: [tram] Two new authentication mechanisms Wilson Chen (weichen2)
- Re: [tram] Two new authentication mechanisms Simon Perreault
- Re: [tram] Two new authentication mechanisms Brandon Williams