Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme
Christer Holmberg <christer.holmberg@ericsson.com> Sat, 18 May 2019 17:50 UTC
Hi,

Regarding "authorized to use", aren't SIP clients allowed to use algorithms that aren't in the registry?

Regards,

Christer

From: sipcore <sipcore-bounces@ietf.org> on behalf of Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Saturday, 18 May 2019 at 18.43
To: Dale Worley <worley@ariadne.com>
Cc: "sipcore@ietf.org" <sipcore@ietf.org>
Subject: Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme

Thanks Dale!

See my replies below.

Regards,
 Rifaat

On Fri, May 17, 2019 at 8:20 AM Dale R. Worley <worley@ariadne.com> wrote:

> [resend -- for some reason, this didn't get through to the mailing list]
>
> Sorry for being late with this. Below are my detailed comments, but generally the significant ones fall into two groups:
>
> 1) When is the binding time of "the contents of the Hash Algorithms for HTTP Digest Authentication registry"? That is, if a new algorithm is added to the registry, does it automatically become authorized for use in SIP? My impression is that the answer is Yes. But if so, the wording should be updated in several places, because it seems to me that the current wording tends to imply that this document copies the list of algorithms from the registry at this time and authorizes those algorithms.

Yes, that is correct. I will try to make it clearer; feel free to suggest a text, if you want.

> 2) There is discussion "The IANA registry ... specifies the algorithms ..... and specifies a priority for each algorithm." But I cannot find the word priority in the registry, nor in the sole reference in the registry, RFC 7616. Can you update this to point to whatever defines the priority?

It is specified in section 3.7: https://tools.ietf.org/html/rfc7616#section-3.7

But I think the wording in the draft is confusing; I will try to clarify that.

> Dale
>
> ----------
>
> Abstract
>
>    This document updates the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for secure digest algorithms to replace the broken MD5 algorithm.
>
> Might be worth specifying what the "secure digest algorithms" are..

Ok

> 1. Introduction
>
>    [...] which by default uses MD5 as the default algorithm.
>
> Do you want "default" twice in this phrase?

No I do not :) I will fix that.

>    This document updates the Digest Access Authentication scheme used by SIP to support the list of digest algorithms defined in the "Hash Algorithms for HTTP Digest Authentication" registry defined by [RFC7616].
>
> This should be phrased "to support the algorithms defined in the "Hash Algorithms for HTTP Digest Authentication" registry". This phrasing gives a late-binding interpretation, that is, if an algorithm is added to the registry, ipso facto it becomes authorized for use in SIP.

Ok

> 2. The SIP Digest Authentication Scheme
>
>    This section describes the modifications to the operation of the Digest mechanism as specified in [RFC3261] in order to support the SHA-256 and SHA-512/256 algorithms as described in [RFC7616], and also to require support for the "qop" option."
>
> Similarly, you want this to be late-binding:

Ok.

>    This section describes the modifications to the operation of the Digest mechanism as specified in [RFC3261] in order to support the algorithms defined in the "Hash Algorithms for HTTP Digest Authentication" registry defined by [RFC7616].
>
> --
>
> 2.1. Hash Algorithms
>
>    The Digest scheme has an 'algorithm' parameter that specifies the algorithm to be used to compute the digest of the response. The IANA registry named "HTTP Digest Hash Algorithms" specifies the algorithms that correspond to 'algorithm' values, and specifies a priority for each algorithm.
>
> I don't see a priority specified in the registry.

I will clarify it.

> 3. Augmented BNF for the SIP Protocol
>
>    The number of hex digits must be specified by the specification of the algorithm used.
>
> It might be better to say that the number of hex digits is implied by the length of the value of the algorithm used, since the specification of an algorithm might explicitly define its output as a sequence of hex digits.

Ok

>    It extends the algorithm parameter as follows to allow for SHA2 algorithms to be used:
>
> Or indeed, any algorithm in the registry.

Ok

> 5. IANA Considerations
>
>    This document will use the algorithms defined in that registry.
>
> Again is the question of binding time:
>
>    This document specifies that algorithms defined in that registry may be used in SIP digest authentication.

Ok

> [END]
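Added example, not part of the thread or the draft: the qop=auth response computation from RFC 7616 section 3.4.1 for the 'algorithm' tokens the draft discusses, showing that the number of hex digits in 'response' follows from the hash output size (Dale's point on section 3) and that a token the implementation has no table entry for is refused rather than guessed at. The SIP credentials, nonces and URIs below are constructed sample values; the "-sess" variants are omitted.

```python
import hashlib

# RFC 7616 'algorithm' tokens -> hash constructors. The "-sess" variants are
# left out; SHA-512-256 depends on the OpenSSL build exposing sha512_256.
ALGORITHMS = {
    "MD5": hashlib.md5,
    "SHA-256": hashlib.sha256,
    "SHA-512-256": lambda data=b"": hashlib.new("sha512_256", data),
}


def supports_algorithm(token: str) -> bool:
    """A token this implementation can compute; anything else is refused."""
    return token in ALGORITHMS


def digest_hex(token: str, data: str) -> str:
    """H(data) as lowercase hex for the given 'algorithm' token."""
    if not supports_algorithm(token):
        raise ValueError(f"unsupported digest algorithm: {token}")
    return ALGORITHMS[token](data.encode("utf-8")).hexdigest()


def response_hex_length(token: str) -> int:
    """Hex digits in a 'response' value: fixed by the hash output size, so the
    ABNF does not need a separate statement of it per algorithm."""
    return len(digest_hex(token, ""))


def digest_response(token, username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 7616 section 3.4.1 for qop=auth:
    response = H( H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2) )
    with A1 = username:realm:password and A2 = method:request-uri."""
    if qop != "auth":
        raise ValueError("this example implements qop=auth only")
    ha1 = digest_hex(token, f"{username}:{realm}:{password}")
    ha2 = digest_hex(token, f"{method}:{uri}")
    return digest_hex(token, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    # Constructed sample SIP credentials and nonces, not taken from any RFC.
    for token in ("MD5", "SHA-256"):
        r = digest_response(token, "alice", "atlanta.example.com", "secret",
                            "INVITE", "sip:bob@biloxi.example.com",
                            "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001",
                            "0a4f113b")
        print(f"{token}: {len(r)} hex digits -> response={r}")
```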