Re: [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10

"Roni Even (A)" <> Wed, 23 October 2019 12:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1E3191200D8; Wed, 23 Oct 2019 05:28:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U68Xe5Jp-c0m; Wed, 23 Oct 2019 05:28:55 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 86066120842; Wed, 23 Oct 2019 05:28:55 -0700 (PDT)
Received: from (unknown []) by Forcepoint Email with ESMTP id 69317A717DDB266ABF1A; Wed, 23 Oct 2019 13:28:52 +0100 (IST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 23 Oct 2019 13:28:51 +0100
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 23 Oct 2019 13:28:51 +0100
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1713.5 via Frontend Transport; Wed, 23 Oct 2019 13:28:51 +0100
Received: from ([]) by ([]) with mapi id 14.03.0439.000; Wed, 23 Oct 2019 20:28:45 +0800
From: "Roni Even (A)" <>
To: Rifaat Shekh-Yusef <>
CC: Roni Even <>, "" <>, "" <>, SIPCORE <>, "" <>
Thread-Topic: [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10
Thread-Index: AQHViRLSQ7R64lV9bkWHewyHEr3U66dntzAw///qWoCAAIbwIA==
Date: Wed, 23 Oct 2019 12:28:44 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_6E58094ECC8D8344914996DAD28F1CCD23D931BFDGGEMM506MBXchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 23 Oct 2019 12:28:58 -0000

HI Rifaat,
OK, no other comments

From: Rifaat Shekh-Yusef []
Sent: Wednesday, October 23, 2019 3:25 PM
To: Roni Even (A)
Cc: Roni Even;;; SIPCORE;
Subject: Re: [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10

Hi Roni,

I agree with the ABNF issue. I will fix that in the next version of the draft.


On Wed, Oct 23, 2019 at 1:43 AM Roni Even (A) <<>> wrote:
Rifaat thanks,
See in line

On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatracker <<>> wrote:
Reviewer: Roni Even
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at


Document: draft-ietf-sipcore-digest-scheme-??
Reviewer: Roni Even
Review Date: 2019-10-22
IETF LC End Date: None
IESG Telechat date: 2019-10-31

The document is almost ready for publication as a standard track RFC

Major issues:

Minor issues:

1. In section 2.4 " If the UAC cannot respond to any of the challenges in the
response, then it SHOULD abandon attempts to send the request, e.g. if the UAC
   does not have credentials or has stale credentials for any of the realms,
   unless a local policy dictates otherwise." Yet RFC3261 section 22.2 " If no
   credentials for a realm can be located, UACs MAY attempt to retry the
   request with a username of "anonymous" and no password (a  password of "").
   Is this deprecated ?

No, it is not deprecated by this document, and that part is covered by the last sentence of the quoted paragraph, which talks about a local policy.

RE: I have no strong feeling it is just that the language is different

2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it

These changes are provided in the context of RFC7616, so if an implementation supports "-sess" it could always refer to that document for these details.

RE: I think that the BNF

algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256"/ token )

should be

algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess / "SHA-512-256" / "SHA-256"/ token )

3. it may be good to have a backward compatibility section.
I believe we covered that in the security consideration section. Do you see anything missing there?

RE: OK, no problem.


Nits/editorial comments: