Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme

Christer Holmberg <christer.holmberg@ericsson.com> Sat, 18 May 2019 17:50 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, "Dale R. Worley" <worley@ariadne.com>
CC: SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme
Thread-Index: AQHVDaEsb6699VZVvkm5wlNaw5cTyaZxOe8A
Date: Sat, 18 May 2019 17:50:45 +0000
Message-ID: <030A5F97-2F5F-4220-BDD7-7A554E8BBDE3@ericsson.com>
References: <87bm01mfwp.fsf@hobgoblin.ariadne.com> <CAGL6epKK=4YCJhsP9DB_R5P3EMZpR14WxY07xMwWrz-hE0hB_Q@mail.gmail.com>
In-Reply-To: <CAGL6epKK=4YCJhsP9DB_R5P3EMZpR14WxY07xMwWrz-hE0hB_Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/AsSvKRf_hb0XKPJSfhO-ERxE5ho>
Subject: Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme

Hi,

Regarding “authorized to use”, aren’t SIP clients allowed to use algorithms that aren’t in the registry?

Regards,

Christer

From: sipcore <sipcore-bounces@ietf.org> on behalf of Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Saturday, 18 May 2019 at 18.43
To: Dale Worley <worley@ariadne.com>
Cc: "sipcore@ietf.org" <sipcore@ietf.org>
Subject: Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme

Thanks Dale!

See my replies below.

Regards,
 Rifaat


On Fri, May 17, 2019 at 8:20 AM Dale R. Worley <worley@ariadne.com> wrote:
[resend -- for some reason, this didn't get through to the mailing list]

Sorry for being late with this.  Below are my detailed comments, but
generally the significant ones fall into two groups:

1) When is the binding time of "the contents of the Hash Algorithms for
HTTP Digest Authentication registry"?  That is, if a new algorithm is
added to the registry, does it automatically become authorized for use
in SIP?

My impression is that the answer is Yes.  But if so, the wording should
be updated in several places, because it seems to me that the current
wording tends to imply that this document copies the list of algorithms
from the registry at this time and authorizes those algorithms.

Yes, that is correct.
I will try to make it clearer; feel free to suggest a text, if you want.



2) There is discussion "The IANA registry ... specifies the algorithms
..... and specifies a priority for each algorithm."  But I cannot find the word
priority in the registry, nor in the sole reference in the registry, RFC
7616.  Can you update this to point to whatever defines the priority?

It is specified in section 3.7:
https://tools.ietf.org/html/rfc7616#section-3.7

But I think the wording in the draft is confusing; I will try to clarify that.


Dale

----------

   Abstract

   This document updates the Digest Access Authentication scheme used by
   the Session Initiation Protocol (SIP) to add support for secure
   digest algorithms to replace the broken MD5 algorithm.

Might be worth specifying what the "secure digest algorithms" are.

Ok



   1.  Introduction

   [...] which by default uses MD5 as
   the default algorithm.

Do you want "default" twice in this phrase?

No I do not :)
I will fix that.


   This document updates the Digest Access Authentication scheme used by
   SIP to support the list of digest algorithms defined in the "Hash
   Algorithms for HTTP Digest Authentication" registry defined by
   [RFC7616].

This should be phrased "to support the algorithms defined in the "Hash
Algorithms for HTTP Digest Authentication" registry".  This phrasing
gives a late-binding interpretation, that is, if an algorithm is added
to the registry, ipso facto it becomes authorized for use in SIP.

Ok


   2.  The SIP Digest Authentication Scheme

   This section describes the modifications to the operation of the
   Digest mechanism as specified in [RFC3261] in order to support the
   SHA-256 and SHA-512/256 algorithms as described in [RFC7616], and
   also to require support for the "qop" option.

Similarly, you want this to be late-binding:

Ok.



   This section describes the modifications to the operation of the
   Digest mechanism as specified in [RFC3261] in order to support the
   algorithms defined in the "Hash Algorithms for HTTP Digest
   Authentication" registry defined by [RFC7616].

--

   2.1.  Hash Algorithms

   The Digest scheme has an 'algorithm' parameter that specifies the
   algorithm to be used to compute the digest of the response.  The IANA
   registry named "HTTP Digest Hash Algorithms" specifies the algorithms
   that correspond to 'algorithm' values, and specifies a priority for
   each algorithm.

I don't see a priority specified in the registry.

I will clarify it.


   3.  Augmented BNF for the SIP Protocol

   The number of hex digits must be specified by the specification of
   the algorithm used.

It might be better to say that the number of hex digits is implied by
the length of the value of the algorithm used, since the specification
of an algorithm might explicitly define its output as a sequence of
hex digits.

Ok


   It extends the algorithm parameter as follows to allow for SHA2
   algorithms to be used:

Or indeed, any algorithm in the registry.

Ok

   5.  IANA Considerations

   This document will use the algorithms defined in that
   registry.

Again is the question of binding time:

   This document specifies that algorithms defined in that registry
   may be used in SIP digest authentication.

Ok



[END]

_______________________________________________
sipcore mailing list
sipcore@ietf.org
https://www.ietf.org/mailman/listinfo/sipcore
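The thread above turns on three mechanics of the SIP Digest scheme: the 'algorithm' parameter selecting a hash from the RFC 7616 registry (late-bound, so a new registry entry should need no code change), the server's challenge order acting as the "priority" Dale could not find in the registry (RFC 7616 section 3.7: the server lists challenges in its order of preference and the client takes the first one it supports), and the length of the 'response' hex string being implied by the chosen algorithm rather than fixed at 32 digits. The following is an added example, written by the editor and not code from the draft, the working group or any SIP stack, that implements those three points for qop=auth following the RFC 7616 section 3.4 computation KD(H(A1), nonce:nc:cnonce:qop:H(A2)). The REGISTER request, user, realm, password and nonces are constructed sample values; the SHA-512-256 entry assumes the underlying OpenSSL build exposes that hash.

```python
import hashlib
import hmac
import re
from typing import Any, Callable, Dict, Iterable, List, Optional

# Algorithm tokens from the "Hash Algorithms for HTTP Digest Authentication"
# registry (RFC 7616). Kept as data, not code paths, so that a new registry
# entry is a one-line addition: the late-binding behaviour discussed in the thread.
HASH_ALGORITHMS: Dict[str, Callable[[], Any]] = {
    "MD5": hashlib.md5,
    "SHA-256": hashlib.sha256,
    # Assumption: 'sha512_256' is available only when OpenSSL provides it.
    "SHA-512-256": lambda: hashlib.new("sha512_256"),
}


def _h(algorithm: str, data: str) -> str:
    """H(data) from RFC 7616: lowercase hex digest of the chosen algorithm."""
    h = HASH_ALGORITHMS[algorithm]()
    h.update(data.encode("utf-8"))
    return h.hexdigest()


def response_hex_length(algorithm: str) -> int:
    """Number of hex digits the 'response' parameter carries for this algorithm.

    This is what the ABNF comment in the draft means by the count being implied
    by the algorithm: 32 for MD5, 64 for SHA-256 and SHA-512-256.
    """
    return HASH_ALGORITHMS[algorithm]().digest_size * 2


def digest_response(algorithm: str, username: str, realm: str, password: str,
                    method: str, uri: str, nonce: str, nc: str, cnonce: str,
                    qop: str = "auth") -> str:
    """RFC 7616 section 3.4.1 for qop=auth: KD(H(A1), nonce:nc:cnonce:qop:H(A2))."""
    if algorithm not in HASH_ALGORITHMS:
        raise ValueError(f"algorithm {algorithm!r} is not in the registry table")
    if qop != "auth":
        raise ValueError("this example implements qop=auth only (no auth-int)")
    if not re.fullmatch(r"[0-9a-f]{8}", nc):
        raise ValueError("nc must be exactly 8 lowercase hex digits")
    ha1 = _h(algorithm, f"{username}:{realm}:{password}")
    ha2 = _h(algorithm, f"{method}:{uri}")          # qop=auth: A2 = Method ":" request-uri
    return _h(algorithm, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def choose_algorithm(server_challenges: List[str],
                     client_supported: Iterable[str]) -> Optional[str]:
    """Client-side selection per RFC 7616 section 3.7.

    The server sends one WWW-Authenticate/Proxy-Authenticate challenge per
    algorithm, most preferred first; the client uses the first challenge whose
    algorithm it supports. Returns None if nothing overlaps.
    """
    supported = set(client_supported)
    for alg in server_challenges:
        if alg in supported and alg in HASH_ALGORITHMS:
            return alg
    return None


def verify_response(algorithm: str, presented: str, username: str, realm: str,
                    password: str, method: str, uri: str, nonce: str, nc: str,
                    cnonce: str) -> bool:
    """Server-side check: recompute and compare in constant time.

    The length check rejects a 32-digit MD5-style response offered against a
    SHA-256 challenge before any hashing is done.
    """
    if len(presented) != response_hex_length(algorithm):
        return False
    expected = digest_response(algorithm, username, realm, password,
                               method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, presented.lower())


if __name__ == "__main__":
    # Constructed sample exchange for a SIP REGISTER (not from the draft).
    challenges = ["SHA-256", "MD5"]            # server preference order
    alg = choose_algorithm(challenges, {"MD5", "SHA-256"})
    resp = digest_response(alg, "alice", "example.com", "correct horse",
                           "REGISTER", "sip:example.com",
                           "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")
    print(f'Authorization: Digest username="alice", realm="example.com", '
          f'uri="sip:example.com", algorithm={alg}, qop=auth, nc=00000001, '
          f'cnonce="0a4f113b", response="{resp}"')
    print(f"response carries {len(resp)} hex digits for {alg}")
```

The selection and verification functions are the parts a SIP UA or registrar would actually need to change for this draft: the client must stop assuming algorithm=MD5 when the parameter is absent only in a challenge that actually omits it, and the server must size its response check from the algorithm it challenged with rather than a hard-coded 32.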