IETF Logo Mail Archive

Re: [sipcore] draft-ietf-sipcore-digest-scheme comments

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Sat, 25 May 2019 15:06 UTC

Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7EE71200A2 for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 08:06:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z7gaHV75yn-9 for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 08:06:56 -0700 (PDT)
Received: from mail-it1-x130.google.com (mail-it1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B0CB120006 for <sipcore@ietf.org>; Sat, 25 May 2019 08:06:56 -0700 (PDT)
Received: by mail-it1-x130.google.com with SMTP id i63so18068741ita.3 for <sipcore@ietf.org>; Sat, 25 May 2019 08:06:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3aDpEhrEew5psBQGUFAzzQsUBP5V8wu8JdYUrK8qazI=; b=HZBF9IsFcsXIrAGChXl5XC2hoX8FlKKVBw4kjFoujikMNw6A7KwBwqEgQStJunCjuH BFUJtTnZImLBTp1C9uV9+9w7Gd4IfIVhrkqr9aPMynFbY9+E4wzNpsDOOwWPZ2qgjytI PIzIiJy8jz7swQFkXzld1ddysYU4YqL1Ls1xF1x4mmZwTPnO2DaHYeqbvcDdBUkIhFTp 9Bo7ID9pO5FZ9kFB8NcFY9NQzpx9ZZpYjJWbc0sKIyawxmat42PgIzBP3wZcyvXpDdVS TwMEWqJHphiHN4rgDoyo080H11XREgUD9/m/KTFC4gTWkjYdNp3J77yDZLm3onBteYCk BZug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3aDpEhrEew5psBQGUFAzzQsUBP5V8wu8JdYUrK8qazI=; b=sTWwZxp8+wS4XfOKLE+UjhyDdHYFtxlrgE+QpuRX/MwyAcy+U/02XCo6dwuRhlAYyb 13jDwnS7HD8hbuNm/vth67Ac0CdHg29g5wANFdw7bm4acNFBfKTAqdO+2nmdBLdxSmfh RBYBtD5Dxx59GfcaQcBMs86viD6jllL6BqiqDFd4pULfHXp0OeENQnIQl2hWmPZ/jtC1 DTmvTk9BBYsjq3CEoqmSONjjNbPUsWWCghul3GB/1ZKV3Xd1rpanF8kKO7XzkCfuDwSX k4xxz05zUy+VMUushVcylLGJ7+CseE2OqhsSf0BT28qZhAxnomFfhCR7l3qoIHAiOWqy bxiQ==
X-Gm-Message-State: APjAAAVFhKjNFTidmbPW+a0VjxgKd1CqCYhHPFaT2K0043JJDxJLsx7B p0HxYR6xFsRLpvX4dqKeN+3DYRtFuLsg8TKKmDo=
X-Google-Smtp-Source: APXvYqwY5i+0n7RB3ZRDIaXrXuNkZc0vSZ6BWYj5kJtdxIBzl8DzJ6EaWf95RsZmOpI/UZqJBjGEgeDXyZbaUClo/U8=
X-Received: by 2002:a24:c241:: with SMTP id i62mr21019325itg.21.1558796815597; Sat, 25 May 2019 08:06:55 -0700 (PDT)
MIME-Version: 1.0
References: <DE595AFF-5DEA-4A32-8527-10B841D6C7C1@edvina.net> <CAGL6epLMHoneH6PNgeF5TgJhveh-xWeZSW6XQDBB2Gf5mS9eRQ@mail.gmail.com> <C1431DCD-C4DD-4BFA-9C5D-E4DFE7B0F2DA@edvina.net> <B4A08741-A092-480C-AE12-2DD25D7835D0@ericsson.com> <CAGL6epJTv+Dytk_VHNi4Sk0mimVj=cMqWR4u9uSg1q+RcUQJ_Q@mail.gmail.com> <98D9E38D-4EA3-4F55-B37D-5334FA42F362@ericsson.com>
In-Reply-To: <98D9E38D-4EA3-4F55-B37D-5334FA42F362@ericsson.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sat, 25 May 2019 11:06:44 -0400
Message-ID: <CAGL6epL7y0jiOqBdt3UOkx31ueQofh-W8vPwjvOUZhHZsaDq3A@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: "Olle E. Johansson" <oej@edvina.net>, SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007888200589b7aaeb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/MjdhRGesdWw7wcNQxzbkQ9V1QVs>
Subject: Re: [sipcore] draft-ietf-sipcore-digest-scheme comments
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 May 2019 15:06:59 -0000

On Sat, May 25, 2019 at 10:53 AM Christer Holmberg <
christer.holmberg@ericsson.com> wrote:

> Hi,
>
> >>>> Section 2.1:
> >>>>
> >>>> "Note that [RFC7616] defines a -sess variant for each algorithm; the
> >>>>   -sess variants are not used with SIP.”
> >>>>
> >>>> Is this already forbidden in 3261 or is this new proposed language?
> If so, “are not” should propably
> >>>> be something like “MUST not”
> >>>
> >>> I do not think that 3261 forbids the -sess variant, and I do not see
> the need to forbid it here either
> >>> So then I suggest we remove the statement that the -sess variants are
> not used with SIP.
> >>>
> >>> If -sess variant was defined in RFC 7616, it was obviously not
> mentioned in RFC 3261 __
> >>
> >> What is the difference between the session variant and the non-session
> variant? What is meant by "session"? RFC 7616 doesn't give any explanation,
> and I couldn't find anything by googling either.
> >
> > See RFC 7616, section 3.4.2 for more details.
> >
> >> I do think we need to say *something*.
> >
> > Any suggestion?
>
> Not at the moment. But, if allowing both adds something new to what is
> currently defined/assumed in RFC 3261 I think it would be good to point it
> out.
>
>
The ABNF allows for the -see variant, but my understanding is the the -sess
variant was never implemented in SIP.
This document does not introduce any new -sess specific changes.



> ...
>
> >>> Section 2.4:
> >>>
> >>> "When the UAC receives a response with multiple header fields with the
> >>>   same realm it SHOULD use the topmost header field that it supports,
> >>>   unless a local policy dictates otherwise.”
> >>>
> >>> Why a SHOULD? I would prefer a MUST.
> >>
> >> I can do that, but the last part of this paragraph states that local
> policy can override this recommendations anyway.
> >> So, does it make any difference?
> >> Should we allow that? Why would local policy enforce a downgrade?
> >>
> >>> “When the UAC receives a 401 response with multiple WWW-Authenticate
> >>>   header fields with different realms it SHOULD retry and include an
> >>>   Authorization header field containing credentials that match the
> >>>   topmost header field of any one of the realms.”
> >>>
> >>> If you are disallowing multiple Authorization headers for the same
> realm,
> >>> but with different algorithms I think this should be clearly written.
> In my
> >>> view, that would be a good thing.
> >>
> >> This is allowed.
> >
> > RFC 3261 does not say anything about using the topmost header, does it?
> >
> > I was referring to this document.
>
> So, the should-use-topmost is something new, defined in this document?
>
>
Yes, as per RFC7616.

Regards,
 Rifaat




> Regards,
>
> Christer
>
>

v2.23.0 | Report a Bug | By Email