Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme
Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Sat, 18 May 2019 17:42 UTC
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F9CD1200FC for <sipcore@ietfa.amsl.com>; Sat, 18 May 2019 10:42:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BKsaNfpZWVGT for <sipcore@ietfa.amsl.com>; Sat, 18 May 2019 10:42:53 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33FC31200B4 for <sipcore@ietf.org>; Sat, 18 May 2019 10:42:53 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id s20so7961928ioj.7 for <sipcore@ietf.org>; Sat, 18 May 2019 10:42:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8bkBQZtIcugXUXMb49m82ehLUakBS0j+Y6yPeo1w6lY=; b=TtuegRVLR0GHP4e+ZMucJ1x08tqD7d4G92oxqecL74kcAX4cn/DkRyRd0+BpN0jgfO xCVbzHTjwFghuUB25MWnDw8Cizvx0peRCwkFJ1UWcv9fIUeqsrv5f5wkSyZazojIky11 et0JdvBRbhgwjD/ZLkfRTxnflsjif7+meNw5S8zpLhYzTgAqkfm8/8Vc6Tlk3znvfgbM oy+jXavJGHGduzRTm7PugzvvTw42Q11+dIc0KN77yQlyD1BfxpzfiBlSZaz24SthGCQx E2gEjXQcnOtW0c5+pVIWv/463p/40n0kIGNxyZbRfe5E9V8n6w+BfWQ8k2csY09uYS6Z zUpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8bkBQZtIcugXUXMb49m82ehLUakBS0j+Y6yPeo1w6lY=; b=ajgSfQJOjfxgwPm9nP8BxwxKhsl2F4Wj8cw8i+MqHAp7tQBIknCFYtWWfx/5x3TBVx oI7aXgrdmVR2JBXjp0M09im+ydCssw89/2MSspCy8pDbVu0EOnWxMLDZpsWwNYTfK0pc iBuQ91b66/R8d/1lCXreHHuhRML7O3kJH+IF94OwJ7aXwuMRqy7Wq6LOY1tvqNw7NbSs SZ+nYahTcQ4SaEaOB3Dp21TOOg0ffE4BntL2R4L/2VKy+VdpSU9KWpqwFX1BYR7EzfBd ic4zUBuAc8PWFpkdFOi64WbEYXTEMx9IXM2p0q4c36mSofjWUFL5asMWhOV8RyEPQVSI KBHA==
X-Gm-Message-State: APjAAAUQPl58o1Y5Z0C+q+41PFzeHTlOuwz5NprH/nw5+478Cb6Borv1 sH45x47zMw9Lp5o3J9ilWh0m1VUPRVFjEsH3nk1P346L
X-Google-Smtp-Source: APXvYqzueBYQJhFrTF84gvT04DMOvusGZdVSIOrm5j42avjmUhCKc2eptdfKzIoOHhQaMWZ/JTnIivkNlJLS99DzWy4=
X-Received: by 2002:a5d:8e0c:: with SMTP id e12mr23164700iod.31.1558201372507; Sat, 18 May 2019 10:42:52 -0700 (PDT)
MIME-Version: 1.0
References: <87bm01mfwp.fsf@hobgoblin.ariadne.com>
In-Reply-To: <87bm01mfwp.fsf@hobgoblin.ariadne.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sat, 18 May 2019 13:42:41 -0400
Message-ID: <CAGL6epKK=4YCJhsP9DB_R5P3EMZpR14WxY07xMwWrz-hE0hB_Q@mail.gmail.com>
To: "Dale R. Worley" <worley@ariadne.com>
Cc: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004c036805892d072a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/Ec2v49IGyItvFBj0adgeL8PTjaE>
Subject: Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-digest-scheme
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 May 2019 17:42:57 -0000
Thanks Dale! See my replies below. Regards, Rifaat On Fri, May 17, 2019 at 8:20 AM Dale R. Worley <worley@ariadne.com> wrote: > [resend -- for some reason, this didn't get through to the mailing list] > > Sorry for being late with this. Below are my detailed comments, but > generally the significant ones fall into two groups: > > 1) When is the binding time of "the contents of the Hash Algorithms for > HTTP Digest Authentication registry"? That is, if a new algorithm is > added to the registry, does it automatically become authorized for use > in SIP? > > My impression is that the answer is Yes. But if so, the wording should > be updated in several places, because it seems to me that the current > wording tends to imply that this document copies the list of algorithms > from the registry at this time and authorizes those algorithms. > > Yes, that is correct. I will try to make it clearer; feel free to suggest a text, if you want. > 2) There is discussion "The IANA registry ... specifies the algorithms > .... and specifies a priority for each algorithm." But I cannot find the > word > priority in the registry, nor in the sole reference in the registry, RFC > 7616. Can you update this to point to whatever defines the priority? > > It is specified in section 3.7: https://tools.ietf.org/html/rfc7616#section-3.7 But I think the wording in the draft is confusing; I will try to clarify that. > Dale > > ---------- > > Abstract > > This document updates the Digest Access Authentication scheme used by > the Session Initiation Protocol (SIP) to add support for secure > digest algorithms to replace the broken MD5 algorithm. > > Might be worth specifying what the "secure digest algorithms" are. > Ok > > 1. Introduction > > [...] which by default uses MD5 as > the default algorithm. > > Do you want "default" twice in this phrase? > > No I do not :) I will fix that. > This document updates the Digest Access Authentication scheme used by > SIP to support the list of digest algorithms defined in the "Hash > Algorithms for HTTP Digest Authentication" registry defined by > [RFC7616]. > > This should be phrased "to support the algorithms defined in the "Hash > Algorithms for HTTP Digest Authentication" registry". This phrasing > gives a late-binding interpretation, that is, if an algorithm is added > to the registry, ipso facto it becomes authorized for use in SIP. > Ok > > 2. The SIP Digest Authentication Scheme > > This section describes the modifications to the operation of the > Digest mechanism as specified in [RFC3261] in order to support the > SHA- 256 and SHA-512/256 algorithms as described in [RFC7616], and > also to require support for the "qop" option." > > Similarly, you want this to be late-binding: > Ok. > > This section describes the modifications to the operation of the > Digest mechanism as specified in [RFC3261] in order to support the > algorithms defined in the "Hash Algorithms for HTTP Digest > Authentication" registry defined by [RFC7616]. > > -- > > 2.1. Hash Algorithms > > The Digest scheme has an 'algorithm' parameter that specifies the > algorithm to be used to compute the digest of the response. The IANA > registry named "HTTP Digest Hash Algorithms" specifies the algorithms > that correspond to 'algorithm' values, and specifies a priority for > each algorithm. > > I don't see a priority specified in the registry. > I will clarify it. > > 3. Augmented BNF for the SIP Protocol > > The number of hex digits must be specified by the specification of > the algorithm used. > > It might be better to say that the number of hex digits is implied by > the length of the value of the algorithm used, since the specification > of an algorithm might explicitly define its output as a sequence of > hex digits. > > Ok > It extends the algorithm parameter as follows to allow for SHA2 > algorithms to be used: > > Or indeed, any algorithm in the registry. > > Ok > 5. IANA Considerations > > This document will use the algorithms defined in that > registry. > > Again is the question of binding time: > > This document specifies that algorithms defined in that registry > may be used in SIP digest authentication. Ok > > [END] > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] Resend: WGLC: draft-ietf-sipcore-digest… Dale R. Worley
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Rifaat Shekh-Yusef
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Christer Holmberg
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Dale R. Worley
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Rifaat Shekh-Yusef
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Dale R. Worley
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Dale R. Worley
- Re: [sipcore] Resend: WGLC: draft-ietf-sipcore-di… Rifaat Shekh-Yusef