From jch@irif.fr Sat Jan 13 18:04:26 2024 Return-Path: X-Original-To: wish@ietfa.amsl.com Delivered-To: wish@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB61CC14F602 for ; Sat, 13 Jan 2024 18:04:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.106 X-Spam-Level: X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=irif.fr Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1VzyQQHRlU_C for ; Sat, 13 Jan 2024 18:04:20 -0800 (PST) Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E33EC14F601 for ; Sat, 13 Jan 2024 18:04:18 -0800 (PST) Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 40E24EUS015574; Sun, 14 Jan 2024 03:04:14 +0100 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 82952270A2; Sun, 14 Jan 2024 03:04:14 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-type:content-type:mime-version:user-agent:references :in-reply-to:subject:subject:from:from:message-id:date:date :received:received; s=dkim-irif; t=1705197853; x=1706061854; bh= MIbQWdVoR9fS330NVm/AmQMqk9rLAeggG/Hj1itEZC4=; b=PjJ3CMr3ehlIqrwX qHcD7v0CAyH45cSjcpRWVBnR8351Y/otxDnwTD1y7/1y91My4ceTk9do7NOJhA05 XC8pmS4PnNaDnWanoXnIfs449NypNzPV4tofet8M0pgwoYhGqjWLHyPjhLe8jLzP IP38yDJ/0GQJ/HqxTn81XP21kFtKraLOhMzWZSsdLCLP6gbZKKomDB+CF+Ag1n7z 2SCodMJMsoZ5zPMt53MYzTtUwIC66GVNI3oN9+snrxiTcn4ElDMuEPUdPbHTCWlz T0wBYKBXNObYhbn/wzC82PdTSSiUcVA2uBO221VORiRS6DWLBjcwv8fwTYDlPsbV MjZS8w== X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 3jdv7ARQEU9e; Sun, 14 Jan 2024 03:04:13 +0100 (CET) Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id AF35B26DCA; Sun, 14 Jan 2024 03:04:12 +0100 (CET) Date: Sun, 14 Jan 2024 03:04:11 +0100 Message-ID: <87edek4qn8.wl-jch@irif.fr> From: Juliusz Chroboczek To: Sergio Garcia Murillo Cc: WISH List In-Reply-To: References: <87v87x46xu.wl-jch@irif.fr> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.1 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sun, 14 Jan 2024 03:04:14 +0100 (CET) X-Miltered: at korolev with ID 65A3411E.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 65A3411E.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 65A3411E.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham Archived-At: Subject: Re: [Wish] Can a client switch tokens? X-BeenThere: wish@ietf.org X-Mailman-Version: 2.1.39 Precedence: list List-Id: WebRTC Ingest Signaling over HTTPS List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jan 2024 02:04:26 -0000 > In order to prevent this scenario, WHIP endpoints SHOULD generate URLs > with enough randomness, I already do that, thanks. My question is whether I should allow switching tokens mid-session, or whether I should accept expired tokens on the session endpoint. I can see pros to either approach, so I'd like some advice from people wiser than me. (None of the clients that I've played with appear to be able to renew a token mid-session, so perhaps it's better to accept expired tokens and bind the token to the one used in the initial request.) -- Juliusz