Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 31 October 2019 18:02 UTC

To: Maxim Sobolev <sobomax@sippysoft.com>, "sipcore@ietf.org" <sipcore@ietf.org>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>

Hi Max,

> 2. Would be nice to have some examples, especially WRT multiple alternative algorithms. What I don't like about RFC7616 (which this RFC builds upon),
> though, is that they appear to suggest using the same nonce for all alternatives. Is it really required for the functionality or not? For the same amount
> of network BW used, you may provide more random bits and make attacker's life maybe a bit harder. Also, I am not a security expert, but it appears
> intuitively correct that a hash function with a longer output might require more salt bits, so you might actually save some BW by supplying each algorithm
> with just the right amount of randomness this way.

Note that it is not within the scope of this draft to fix generic Digest issues found in RFC7616.

Regards,

Christer



On Thu, Oct 31, 2019 at 6:20 AM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Session Initiation Protocol Core WG of the IETF.

        Title           : The Session Initiation Protocol (SIP) Digest Authentication Scheme
        Author          : Rifaat Shekh-Yusef
        Filename        : draft-ietf-sipcore-digest-scheme-14.txt
        Pages           : 9
        Date            : 2019-10-31

Abstract:
   This document updates RFC 3261 by updating the Digest Access
   Authentication scheme used by the Session Initiation Protocol (SIP)
   to add support for more secure digest algorithms, e.g., SHA-256 and
   SHA-512-256, to replace the broken MD5 algorithm.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-14
https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
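
Added example, not part of the thread or the draft: for the multiple-algorithm case raised in the quoted question, this Python sketch parses two constructed challenges that carry different nonces, picks the first one whose algorithm the client supports, and computes the qop=auth response with that challenge's own nonce. The header values, credentials and the first-supported selection policy are assumptions of the sketch.

```python
import hashlib
import re

# Constructed 401 challenge headers: one per algorithm, each with its own nonce.
CHALLENGES = [
    'WWW-Authenticate: Digest realm="example.test", qop="auth", '
    'algorithm=SHA-256, nonce="c2hhMjU2LW5vbmNlLTAwMDE"',
    'WWW-Authenticate: Digest realm="example.test", qop="auth", '
    'algorithm=MD5, nonce="bWQ1LW5vbmNlLTAwMDE"',
]

HASHES = {"SHA-256": hashlib.sha256, "MD5": hashlib.md5}
PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_challenge(line):
    """Return the auth-params of one Digest challenge header as a dict."""
    scheme, _, params = line.split(":", 1)[1].strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    return {k.lower(): q or t for k, q, t in PARAM.findall(params)}


def select_challenge(lines, supported):
    """First challenge, in header order, whose algorithm the client supports
    (selection policy is an assumption of this sketch)."""
    for line in lines:
        ch = parse_challenge(line)
        if ch.get("algorithm", "MD5") in supported:
            return ch
    raise ValueError("no supported algorithm offered")


def digest_response(ch, user, password, method, uri, cnonce, nc="00000001"):
    """qop=auth response as in RFC 7616, keyed to the chosen challenge's nonce."""
    algo = HASHES[ch.get("algorithm", "MD5")]
    h = lambda s: algo(s.encode()).hexdigest()
    ha1 = h(f"{user}:{ch['realm']}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")


if __name__ == "__main__":
    # Constructed credentials; a modern client and an MD5-only client.
    for supported in ({"SHA-256", "MD5"}, {"MD5"}):
        ch = select_challenge(CHALLENGES, supported)
        resp = digest_response(ch, "alice", "secret", "REGISTER",
                               "sip:example.test", "0a4f113b")
        print(ch["algorithm"], ch["nonce"], resp)
```

The server has to remember which nonce it issued for which algorithm, since the client echoes back only the nonce of the challenge it chose.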
