Protocol Action: 'The Session Initiation Protocol (SIP) Digest Authentication Scheme' to Proposed Standard (draft-ietf-sipcore-digest-scheme-15.txt)

The IESG <iesg-secretary@ietf.org> Fri, 15 November 2019 01:56 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'The Session Initiation Protocol (SIP) Digest Authentication Scheme' to Proposed Standard (draft-ietf-sipcore-digest-scheme-15.txt)
Cc: The IESG <iesg@ietf.org>, Jean Mahoney <mahoney@nostrum.com>, adam@nostrum.com, sipcore-chairs@ietf.org, sipcore@ietf.org, mahoney@nostrum.com, draft-ietf-sipcore-digest-scheme@ietf.org, rfc-editor@rfc-editor.org
Message-ID: <157378298772.11542.14599529102850407275.idtracker@ietfa.amsl.com>
Date: Thu, 14 Nov 2019 17:56:27 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/msGMUHhS2mVmalNGeEsUXCpq43c>

The IESG has approved the following document:
- 'The Session Initiation Protocol (SIP) Digest Authentication Scheme'
  (draft-ietf-sipcore-digest-scheme-15.txt) as Proposed Standard

This document is the product of the Session Initiation Protocol Core Working
Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/





Technical Summary

The authentication framework for the Session Initiation Protocol (SIP, RFC 3261) closely parallels that of the Hypertext Transfer Protocol (HTTP) Digest Access Authentication (RFC 2617). RFC 2617 was obsoleted by RFC 7616, which introduces more secure digest algorithms (e.g., SHA-256 and SHA-512-256). This document updates the authentication scheme used by SIP to add support for these more secure algorithms that are listed in the "Hash Algorithms for HTTP Digest Authentication" registry created by RFC 7616. Although the MD5 algorithm is considered cryptographically broken, it is still supported for backward compatibility. 


Working Group Summary

Work on this topic (initially as draft-yusef-sipcore-digest-scheme) started in January 2014, somewhat in parallel with the HTTP Digest Access Authentication work [RFC7616]. The SIPCORE participants who voiced an opinion thought it was a good idea, and provided careful reviews. The draft went through multiple iterations as feedback was incorporated. There was no pushback against the concept on-list; however, at the London IETF 89 SIPCORE WG session, it was discussed that SIP authentication in general needed an overhaul, not just the digest scheme. While some work went into that effort, both the new work and draft-yusef-sipcore-digest-scheme expired about six months later. In 2017 the author resurrected the draft, and again the draft received support and feedback, but then the draft expired later in the year. It was resurrected again in spring 2019, and adopted as a WG item.  


Document Quality

The content of this document has been implemented and deployed in mobile IMS networks. Several reviewers provided substantial feedback and they have been thanked in the Acknowledgments section. The content of the document does not require expert review. 

Personnel

Document Shepherd: Jean Mahoney
Responsible Area Director: Adam Roach