IETF Logo Mail Archive

Re: [Wish] Authentication for resource url

Adam Roach <adam@nostrum.com> Wed, 15 September 2021 19:06 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: wish@ietfa.amsl.com
Delivered-To: wish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1E153A07CB for <wish@ietfa.amsl.com>; Wed, 15 Sep 2021 12:06:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.28
X-Spam-Level:
X-Spam-Status: No, score=-1.28 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, NICE_REPLY_A=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S67xIqTw3e0q for <wish@ietfa.amsl.com>; Wed, 15 Sep 2021 12:05:56 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAAED3A07C0 for <wish@ietf.org>; Wed, 15 Sep 2021 12:05:56 -0700 (PDT)
Received: from Zephyrus.local (76-218-40-253.lightspeed.dllstx.sbcglobal.net [76.218.40.253]) (authenticated bits=0) by nostrum.com (8.17.1/8.16.1) with ESMTPSA id 18FJ5ofT087406 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Wed, 15 Sep 2021 14:05:51 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1631732751; bh=QAbOSZWJDa7sd/je/rs8XM2h8e77UVojveO6eoM5Fs0=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=ta0kk647IPHD8PieziaSEozeY7WeljQf2VRRZVgZ/BSfShlhdbbEcs0Tq8ZAYES7/ CTHjheNztX2SVeo9pmvXey3riqUQU+RVoEPQgeJLkgvs8SGwZUIHrkCadgnwoqWYuA xygQwiftwS8xWfajofSgsq6I54vgNnPbrFCOmVG4=
X-Authentication-Warning: raven.nostrum.com: Host 76-218-40-253.lightspeed.dllstx.sbcglobal.net [76.218.40.253] claimed to be Zephyrus.local
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, WISH List <wish@ietf.org>
References: <CA+ag07bjtS1Ucw1BZ5qQ_jJFfXbfQ3-hzDgxfkV1APhV1JZMnQ@mail.gmail.com> <87ee9sfo63.wl-jch@irif.fr> <CA+ag07Y5Lduu=923bLpp_PC_NLiwpLCiEdfbCN-H3tDD8LnT3A@mail.gmail.com> <CAABnt0M2Vg-9=SwX=O1mFbyYTS4b7ewmevW2qzMf17fsagoc2Q@mail.gmail.com> <CA+ag07aJKFy2s_UD0L-PaGHNwA9XH6Khz+0tReOMMcweJ0Q0hQ@mail.gmail.com> <CAABnt0MSUuxYK1CvOQUmC-a4b_U9m7YQ+vhXfjaaDxFZE+_JOQ@mail.gmail.com> <CA+ag07bb5WfoUJRkQt37nYtkmtEi=Kpp44ihVNGRd=OytakADg@mail.gmail.com> <CAABnt0PXKPejtywBDizx_Og0d0qPp6qa6cXXsCjBrbTQHN9pKg@mail.gmail.com> <CAMyc9bXUXR5nrxoQsQwDqE46sHWN_8vicG_c53ZruRbC0gfeMw@mail.gmail.com> <877dfk9fil.wl-jch@irif.fr> <CA+ag07ZxJF95xd7y_ToRRNJmbRboRR56t=mnW+nGYFqpAkH61g@mail.gmail.com> <8735q72yo4.wl-jch@irif.fr> <CA+ag07Z6_Nd2VvWG4HyuXK=E3u2xn8a2a_xVCEWk3_yyfQSp3A@mail.gmail.com> <87r1dr89mr.wl-jch@irif.fr> <a12adb1d-da65-8290-7d91-d911aa0aa6cc@nostrum.com> <87ee9qyyum.wl-jch@irif.fr> <b9de2960-2f7f-3704-13dd-bd92a3592f56@nostrum.com> <871r5pelpg.wl-jch@irif.fr>
From: Adam Roach <adam@nostrum.com>
Message-ID: <b85a21dd-c83b-4ec3-a01d-739a07b10353@nostrum.com>
Date: Wed, 15 Sep 2021 14:05:45 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <871r5pelpg.wl-jch@irif.fr>
Content-Type: multipart/alternative; boundary="------------1297C4D3F5CA9A0A608AFF20"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/g7EPtTc2aCUEIdKQ8RPm-rsYwjo>
Subject: Re: [Wish] Authentication for resource url
X-BeenThere: wish@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: WebRTC Ingest Signaling over HTTPS <wish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wish>, <mailto:wish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wish/>
List-Post: <mailto:wish@ietf.org>
List-Help: <mailto:wish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wish>, <mailto:wish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2021 19:06:01 -0000

On 9/15/21 13:29, Juliusz Chroboczek wrote:
>> I know my message was long, and I apologize for its length, but did you
>> make it to the last paragraph? It was aimed at your use case.
> Yes, I did.  You're suggesting a deterministic procedure to map
> a username/password to a bearer token, and arguing that it doesn't need to
> be normatively definded since it can be communicated out-of-band to the
> users.


I'm saying that, /for your server/, that's a choice you can make, and it 
works for your use case. There's going to need to be some kind of 
out-of-band communication to get them the WISH URL anyway, so adding 
that information on doesn't make anything more complicated.

To be clear, I wouldn't expect any other servers to use that scheme.

/a

v2.8.7 | Report a Bug | By Email