Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt
Maxim Sobolev <sobomax@sippysoft.com> Thu, 31 October 2019 17:37 UTC
Return-Path: <sobomax@sippysoft.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9E2012081A for <sipcore@ietfa.amsl.com>; Thu, 31 Oct 2019 10:37:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sippysoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Sc39ckD10XS for <sipcore@ietfa.amsl.com>; Thu, 31 Oct 2019 10:37:33 -0700 (PDT)
Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ACFF120073 for <sipcore@ietf.org>; Thu, 31 Oct 2019 10:37:32 -0700 (PDT)
Received: by mail-io1-xd2d.google.com with SMTP id n17so7687366ioa.0 for <sipcore@ietf.org>; Thu, 31 Oct 2019 10:37:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sippysoft.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=gg9XOmKccFz+oJrWVSSlUfQow0ng8VhEEvhnpULm3K8=; b=YCvGYxfEeTxY6sdMC6YuzXHGyopgEOYkdcZdOiQb5SoSF03i2vn6J0u14Ajtkbfv7z bPkqSwtuCYWKQCwhEXlvxL+79egHsxMkHxFr8m+MoAWdCYKaqJ+VeSPrYyZ1t0kOHwAu F+HULdPtxRGXDNN4QffBwzY/SF+WbGtpaAJr8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=gg9XOmKccFz+oJrWVSSlUfQow0ng8VhEEvhnpULm3K8=; b=g6ff1vEj13KMWmYX37T5F1q1Xn8AO0Y6TcRsUn7b85Loi3C5yreARrdSMAXUprB/MS E6TjWvmbXINyK74Yl2WZu5P3CGl04OI0x0YRGvhqE+XMGsAf34uQ3w0JV+NBJclZXtFF JghMulpWDTHfsCdg9qpYpeY2fHU78LI7/z0hgEKu3nQYB5CLLwwrpLNFofr/QtUCTxG/ 41oTNCoUWxdwfuErLuvoXm/rcYOQagZjHmshtg++tuXU29Gx63i/su2cbCXR7K/ij/MZ FhW/wtP0GOcBUGzdJRdDWISgR3YvgeZD3BuKEgqDL8DYawdFeNqKmefPqXqSXy77t177 nbiw==
X-Gm-Message-State: APjAAAXmTcMhZbzFSiBmZFrq4zWTDMYenDsLwFmxczZnZb8peonRo9qy Q6CPCA/hOifvfa20jiCAUJ9Qnk22lWHrLq/I5s8rsLlRHd0=
X-Google-Smtp-Source: APXvYqyHLoe4opy/nnXDGOMdefzVM4D5KWNu6WRj68MR7OjfEoM48EmQ6IeKTVPCspkgJ5vR/L5Lb9Jz2GTp2CBC+Lg=
X-Received: by 2002:a6b:8b0a:: with SMTP id n10mr6072188iod.280.1572543451867; Thu, 31 Oct 2019 10:37:31 -0700 (PDT)
MIME-Version: 1.0
References: <157252797201.30364.11393682991189471576@ietfa.amsl.com>
In-Reply-To: <157252797201.30364.11393682991189471576@ietfa.amsl.com>
From: Maxim Sobolev <sobomax@sippysoft.com>
Date: Thu, 31 Oct 2019 10:37:20 -0700
Message-ID: <CAH7qZftz8dE0Jm8Mg8gYseqPxtn40jywUuf_6AaFTPJV_g=aqw@mail.gmail.com>
To: sipcore@ietf.org, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000d7cbeb0596384de0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/KjgBs4VZek317Iw7tb3YI2bflnY>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 17:37:36 -0000
Hi, I am new here, so not sure what the proper process is, but there are few comments I have with regards to the proposed RFC: 1. In the Abstract section there is a phrase "the broken MD5 algorithm". I think "broken" might be a bit strong and emotionally charged. There is nothing broken about MD5 as far as hashing algorithm is concerned. It is proven to be not very secure in this day and age, but given the right amount of time any today's algorithm would probably be in that category. 2. Would be nice to have some examples, especially WRT multiple alternative algorithms. What I don't like about RFC7616 (which this RFC builds upon), though, is that they appear to suggest using the same nonce for all alternatives. Is it really required for the functionality or not? For the same amount of network BW used, you may provide more random bits and make attacker's life maybe a bit harder. Also, I am not a security expert, but it appears intuitively correct that a hash function with a longer output might require more salt bits, so you might actually save some BW by supplying each algorithm with just the right amount of randomness this way. Thanks! -Max On Thu, Oct 31, 2019 at 6:20 AM <internet-drafts@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG of > the IETF. > > Title : The Session Initiation Protocol (SIP) Digest > Authentication Scheme > Author : Rifaat Shekh-Yusef > Filename : draft-ietf-sipcore-digest-scheme-14.txt > Pages : 9 > Date : 2019-10-31 > > Abstract: > This document updates RFC 3261 by updating the Digest Access > Authentication scheme used by the Session Initiation Protocol (SIP) > to add support for more secure digest algorithms, e.g., SHA-256 and > SHA-512-256, to replace the broken MD5 algorithm. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-14 > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-14 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-14 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] I-D Action: draft-ietf-sipcore-digest-s… internet-drafts
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Maxim Sobolev
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Christer Holmberg
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Paul Kyzivat
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Rifaat Shekh-Yusef
- Re: [sipcore] I-D Action: draft-ietf-sipcore-dige… Olle E. Johansson