Re: [Wish] Can a client switch tokens?

Juliusz Chroboczek <jch@irif.fr> Sun, 14 January 2024 02:04 UTC

Return-Path: <jch@irif.fr>
X-Original-To: wish@ietfa.amsl.com
Delivered-To: wish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB61CC14F602 for <wish@ietfa.amsl.com>; Sat, 13 Jan 2024 18:04:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=irif.fr
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1VzyQQHRlU_C for <wish@ietfa.amsl.com>; Sat, 13 Jan 2024 18:04:20 -0800 (PST)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E33EC14F601 for <wish@ietf.org>; Sat, 13 Jan 2024 18:04:18 -0800 (PST)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 40E24EUS015574; Sun, 14 Jan 2024 03:04:14 +0100
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 82952270A2; Sun, 14 Jan 2024 03:04:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-type:content-type:mime-version:user-agent:references :in-reply-to:subject:subject:from:from:message-id:date:date :received:received; s=dkim-irif; t=1705197853; x=1706061854; bh= MIbQWdVoR9fS330NVm/AmQMqk9rLAeggG/Hj1itEZC4=; b=PjJ3CMr3ehlIqrwX qHcD7v0CAyH45cSjcpRWVBnR8351Y/otxDnwTD1y7/1y91My4ceTk9do7NOJhA05 XC8pmS4PnNaDnWanoXnIfs449NypNzPV4tofet8M0pgwoYhGqjWLHyPjhLe8jLzP IP38yDJ/0GQJ/HqxTn81XP21kFtKraLOhMzWZSsdLCLP6gbZKKomDB+CF+Ag1n7z 2SCodMJMsoZ5zPMt53MYzTtUwIC66GVNI3oN9+snrxiTcn4ElDMuEPUdPbHTCWlz T0wBYKBXNObYhbn/wzC82PdTSSiUcVA2uBO221VORiRS6DWLBjcwv8fwTYDlPsbV MjZS8w==
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 3jdv7ARQEU9e; Sun, 14 Jan 2024 03:04:13 +0100 (CET)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id AF35B26DCA; Sun, 14 Jan 2024 03:04:12 +0100 (CET)
Date: Sun, 14 Jan 2024 03:04:11 +0100
Message-ID: <87edek4qn8.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Cc: WISH List <wish@ietf.org>
In-Reply-To: <CA+ag07a0E7itrUONH8c8skZU_-bw_-bddjZtCa8Sho7YhL2WCQ@mail.gmail.com>
References: <87v87x46xu.wl-jch@irif.fr> <CA+ag07a0E7itrUONH8c8skZU_-bw_-bddjZtCa8Sho7YhL2WCQ@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.1 Mule/6.0
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sun, 14 Jan 2024 03:04:14 +0100 (CET)
X-Miltered: at korolev with ID 65A3411E.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 65A3411E.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 65A3411E.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/jhpq7nh6YLPZQXRXA7AT6vu-ILs>
Subject: Re: [Wish] Can a client switch tokens?
X-BeenThere: wish@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: WebRTC Ingest Signaling over HTTPS <wish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wish>, <mailto:wish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wish/>
List-Post: <mailto:wish@ietf.org>
List-Help: <mailto:wish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wish>, <mailto:wish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jan 2024 02:04:26 -0000

> In order to prevent this scenario, WHIP endpoints SHOULD generate URLs
> with enough randomness,

I already do that, thanks.

My question is whether I should allow switching tokens mid-session, or
whether I should accept expired tokens on the session endpoint.  I can see
pros to either approach, so I'd like some advice from people wiser than me.

(None of the clients that I've played with appear to be able to renew
a token mid-session, so perhaps it's better to accept expired tokens and
bind the token to the one used in the initial request.)

-- Juliusz