Re: [sipcore] SIP Digest - Open Issue
Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Fri, 10 March 2017 14:01 UTC
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5438C129954 for <sipcore@ietfa.amsl.com>; Fri, 10 Mar 2017 06:01:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nyh-FzZBLkqF for <sipcore@ietfa.amsl.com>; Fri, 10 Mar 2017 06:01:23 -0800 (PST)
Received: from mail-ua0-x232.google.com (mail-ua0-x232.google.com [IPv6:2607:f8b0:400c:c08::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B32B1298D3 for <sipcore@ietf.org>; Fri, 10 Mar 2017 06:01:23 -0800 (PST)
Received: by mail-ua0-x232.google.com with SMTP id 72so113835826uaf.3 for <sipcore@ietf.org>; Fri, 10 Mar 2017 06:01:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rBF/UaHgaND6O7oUHpZe6VvkJszWB9GKe3h1o1TFFqQ=; b=RYo2ytxOZncNhMjT0qeaVsop6d051tK096uunoj6De51IehxFksoQFeBNtL50OW8j1 aAYwrm3bUBNgGQ2eM7Xse8bSeLKqTpv6p5w0UvD9L0NYlZ86PTWQjSNkXkld5CFpCpR6 Hen/pUA8ZTO7nVdfYof3BL1F0xdVMSLMsbcXWQ8XoOG+fi/Jlu0fgxEjHFJZ05WMRlSp hRcyKK7/hS4548/isf676xHfF9lnqM+prX31G9jY/nJPoXB0rCRuNowTOxVXpFm46kTQ 523DWldRNhI/A5voSxsb7JqPXLClRR04v7XA5njNf5ePTbIFLEQs2R2N1ySIweQhrtFJ K+iQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rBF/UaHgaND6O7oUHpZe6VvkJszWB9GKe3h1o1TFFqQ=; b=iIyGijHUtfCTHawMrlIq1Zyt6E3BOMqMjKJp76PBwU38+09wN8aUFyYNxdBRS50Phy FxaXagKoYNOMvGmJd4BsLPPUzir+OhzCpxJzk7zGtNebUmRcjqxBJhZqmYDCw9CosRW9 G+/shdzJLqBMwKyQs6P5LQ9Pdydi+AYXgcDFxKhxWE2UJwSxAIOfoN9KTNwfteEdGd7i M6NM3rn3Z4BtyGFaoCwWDklrf4rNQwtKJovC4Tm5stAgloxNsAHHgLJFtq7E7cdDsavy h/CEuBTT973WKRNGGvgDypa+dxtcgEA+WDThP+XDvSoW/aZgloYnzk5dE/pu2jsmzhGy LK2Q==
X-Gm-Message-State: AMke39mLZnCKa5scn6831lC/X03B22nktfqzaZwuVObBzBk9TZKtxfGUN6iF71uCUkLJcyRwR1QQ07KSpVbp0Q==
X-Received: by 10.31.4.211 with SMTP id 202mr9699353vke.105.1489154482673; Fri, 10 Mar 2017 06:01:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.52.146 with HTTP; Fri, 10 Mar 2017 06:01:22 -0800 (PST)
In-Reply-To: <CO2PR03MB234275628ACD940D566E0103B2210@CO2PR03MB2342.namprd03.prod.outlook.com>
References: <CAGL6ep+U+ozQgx+QCPo9JNAXA91L+ZV56ooUsUsJcQ3tuL5Xdw@mail.gmail.com> <CO2PR03MB234275628ACD940D566E0103B2210@CO2PR03MB2342.namprd03.prod.outlook.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 10 Mar 2017 09:01:22 -0500
Message-ID: <CAGL6epJUL8Zoi0XrxuNvRs8S18Hqw-YUPkRwH3A-p-W4YfPOOA@mail.gmail.com>
To: "Asveren, Tolga" <tasveren@sonusnet.com>
Content-Type: multipart/alternative; boundary="001a11429d6ef4a0c3054a60cbbf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/DnOLNZNJk-VXpsMhJcvctXUwL4Q>
Cc: "sipcore@ietf.org" <sipcore@ietf.org>
Subject: Re: [sipcore] SIP Digest - Open Issue
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2017 14:01:26 -0000
On Thu, Mar 9, 2017 at 2:42 PM, Asveren, Tolga <tasveren@sonusnet.com> wrote: > i- I think it needs to be handled. It may have a cohort of anti-fans but > forking is part of RFC3261 and should be covered for any scenario/new > mechanism. > > Ok. > > > ii- I am not sure whether “UAC responds with the ones it supports” is the > right approach. New/updated implementations may follow that advice but what > about existing UACs? > Existing UAC will use MD5 if present in the challenge. If MD5 is not present, it means that the server decided not to support MD5 and requires new clients that support SHA2. > I think there may be a need to define a new option-tag indicating support > for SHA*. If that is not present, only MD5 should be used. And actually > this comment is applicable for any scenario, not just for forking. For > forking, aggregation should consider the option-tag. > > > I am not clear on why an option-tag is needed; can you please elaborate? > iii- UAC supporting SHA* and receiving challenges for both MD5/SHA* should > reply for both of them. > It depends, if the challenge is coming from one server that supports both, then the UAC should prefer SHA2; otherwise, you are right, the UAC will have to provide both. > Authorization headers should be ordered based on the order of received > WWW/Proxy-Authenticate header if challenges for both MD5/SHA* are received > for the same realm. This would be needed if forking happens and one of the > forked challengers support only MD5. Forking proxy should send only MD5 > Authorization header to such an entity. > This is already covered by the existing text. > iv- In general, I don’t think there is a need to repeat “Updates to HTTP” > etc…, which are already present in RFC3261. > > > There are few differences between what is in RFC3261 and what is in the draft. Also, this is provided for completeness to cover the Digest mechanism in one document. Regards, Rifaat > Thanks, > > Tolga > > > > *From:* sipcore [mailto:sipcore-bounces@ietf.org] *On Behalf Of *Rifaat > Shekh-Yusef > *Sent:* Thursday, March 9, 2017 9:04 AM > *To:* sipcore@ietf.org > *Subject:* [sipcore] SIP Digest - Open Issue > > > > Hi, > > > > There is an open issue around the Digest draft and I would like to get > some thoughts from the WG about it: > > https://datatracker.ietf.org/doc/draft-yusef-sipcore-digest-scheme/ > > > > The issue is related to section 2.5 Forking: > > Is this a real use case? if so, the current text calls for the proxy to > aggregate the responses and for the UAC to respond to the the ones it > support; is this a reasonable approach? > > > > Appreciate any thoughts about this. > > > > Regards, > > Rifaat > > >
- [sipcore] SIP Digest - Open Issue Rifaat Shekh-Yusef
- Re: [sipcore] SIP Digest - Open Issue Asveren, Tolga
- Re: [sipcore] SIP Digest - Open Issue Rifaat Shekh-Yusef
- Re: [sipcore] SIP Digest - Open Issue Asveren, Tolga