IETF Logo Mail Archive

Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 04 November 2019 07:58 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB4C41200B9; Sun, 3 Nov 2019 23:58:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OPo2M8v9jYIv; Sun, 3 Nov 2019 23:58:00 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150057.outbound.protection.outlook.com [40.107.15.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A555612006D; Sun, 3 Nov 2019 23:57:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FElCTSx59ENOX2sJYa1prrxzLxWz5RpXSeoPAAVenDVZZtL1MS9qS/kVhPoIfPq76db0Biq1KdINQSRfyRtRnl5Eyg97t3stgTBSg/pCNHpHd6ZOSVT/Pl28mgMLJsGhSs0a8oYSB/F8Jtk2Q/NjBb7g1LBH1XjJSCV6xVyeQifqFT1W8gIMKoN2ZjzJEWk19DDXliiMwQCKk0cCjDhWTKKMZgt1NPjfYYe5YMSm+4AZTUphwnyasph5iD4aDz10bVA7JzvE/IlG/TaCrqXCucw+GlqL84PxawjMQahjIQddX17ZH1X/xJGy75j6hKnbfoQo8hDzhfdXBuFOaqJy4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6QF5USMEcx+FlGRgEGkIqqzxx8lweILd5n25xsPoug8=; b=VtQ+JXxYdaPIc5wTQHaPpEw1+Xe/6yJzR5bqpKtb7FEnFhf8gM9TKdaSYSik0IM5GTpB1/pu8of4cyYMS6JrRkFTYvxsnZyUDdSydgh8hx9psagV4jklcq38yGQ2QyW9lO8NsdOB7tolQtUPecMX5bmFaU4nUKZCTc5MqgMbL72FfwakE1tYrqR+DZnpuA7xqzEkuFMcYsbV9r3zd/LdX8xovvRQ+GTja/GEjQnI9irzIGMq0oDa/d9/5b/KngrM0kefHejNYuyWpK93jX3VPZOi6krJ3NXsq5hpzk+y3FIje4h7gsNtJqo4Cn2EAO0gUb3A5nyGId4ST3lrPXxMAA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6QF5USMEcx+FlGRgEGkIqqzxx8lweILd5n25xsPoug8=; b=hLlHYjkIBPvsLjdSLxr8/rm7FofmYA1vhrehX6j1YWgYO1Yb8U2lUGqpi12JDyLPSd5kMSrB0mIa5om5L6svEMZa2vArxz8PVVRgRXZBwiSKFewSZq2QwR/MdKWkvHLGKUtFFtxHNqXyl+eEzFphtII79hnYuiJajeSEImGgIc4=
Received: from VI1PR07MB3167.eurprd07.prod.outlook.com (10.175.243.17) by VI1PR07MB5296.eurprd07.prod.outlook.com (20.178.12.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.10; Mon, 4 Nov 2019 07:57:57 +0000
Received: from VI1PR07MB3167.eurprd07.prod.outlook.com ([fe80::41a:f6a0:9660:bc09]) by VI1PR07MB3167.eurprd07.prod.outlook.com ([fe80::41a:f6a0:9660:bc09%3]) with mapi id 15.20.2430.014; Mon, 4 Nov 2019 07:57:56 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: Alexey Melnikov <aamelnikov@fastmail.fm>, "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "draft-ietf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore-digest-scheme@ietf.org>, The IESG <iesg@ietf.org>, SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
Thread-Index: AQHVj+3+/XQWOAP0gUmCkUmQAngGd6d04liA///hPYCAACLmgIAAH3GA///5uYCAAClCgIAAHA2AgADDMwCAABEIgIADIi+AgACUUBuAABsAgIAA4h8A
Date: Mon, 04 Nov 2019 07:57:56 +0000
Message-ID: <84CA4DD0-3877-46A0-8772-43F35BB788A3@ericsson.com>
References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <CAGL6epJgyr_VUYgKCgxDcP5ObKWErtDCHxaX7JusUYPXu=a6jQ@mail.gmail.com> <a9ebadcc-36ae-4bdb-af69-05486eef2569@www.fastmail.com> <CAGL6ep+AK4BuGZ2Y1RMsomAYGLiy2NbEHgm5-941FLVKS6bY9Q@mail.gmail.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <CAGL6epLQS9xqHybZLTk1qM4i_LaDWVk8-iF0-0e_osf271R_Rg@mail.gmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <CAGL6epLrJYPaaYwFQjP8Lk3Uc3PUogtfPyxE5FsoTMJs3GvsgA@mail.gmail.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> <CAGL6epLp=x+Z3g+BZAYsmOob1pkchnvRObnJ7JfTSWES8xaEmA@mail.gmail.com> <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> <CAGL6epJToAGBnvxNO0kTu74AtTL7eSqvsRyemKRt4=RBgU8z8g@mail.gmail.com> <7D911FFD-814F-4DCF-A13E-C3E19A5D0EE5@ericsson.com> <064B1BB7-6D54-453B-B58B-527EC3B9D78D@fastmail.fm> <CAGL6ep+b77z=W8ig6b5yzPAYir4rdAk8YTRbW58xkw0QRHgnNA@mail.gmail.com> <HE1PR07MB31611E03B4AE9575E9C224D8937C0@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAGL6epLH0ioOP2ZK5nv-awwZbCciV8hyQcYKWXE6XM9xt-YWwg@mail.gmail.com>
In-Reply-To: <CAGL6epLH0ioOP2ZK5nv-awwZbCciV8hyQcYKWXE6XM9xt-YWwg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1c19669c-e16d-44a4-6c49-08d760fcb439
x-ms-traffictypediagnostic: VI1PR07MB5296:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <VI1PR07MB52966E4FE9D9E1FEE157BC93937F0@VI1PR07MB5296.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0211965D06
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(396003)(376002)(366004)(346002)(18543002)(199004)(189003)(81166006)(6246003)(6116002)(790700001)(81156014)(14444005)(517774005)(99286004)(25786009)(606006)(33656002)(53546011)(3846002)(966005)(478600001)(5660300002)(102836004)(256004)(186003)(6916009)(4326008)(66476007)(76116006)(66556008)(86362001)(64756008)(66946007)(66446008)(91956017)(71200400001)(71190400001)(14454004)(476003)(236005)(2616005)(58126008)(7736002)(44832011)(26005)(446003)(76176011)(6506007)(36756003)(8936002)(66066001)(54896002)(6512007)(486006)(6306002)(6436002)(6486002)(316002)(2906002)(8676002)(21615005)(54906003)(5070765005)(229853002)(11346002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB5296; H:VI1PR07MB3167.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: f5E/kSK2QvOTVGh5IKZD0bEORs91jWZV/ac8t8J71acFjYFNEXqigDgNxgJEhXnFek3BObrSjdpl8C0CqzhnQJYFP7GLAKN8ttgwr+mFJT7LSKUJTdNs9Vl8qm5DMSiAj3sbyv1eduS3JvWsEJHvsv0uKS+4rVBSZ3/QdxZ0DOwIye5CX+Oi/o30ZyyHLT2xlyPPqfIJ4M8V5IT7KMXh1n0WBqLoy4aqheKTgTXP8XX2w3VqzktrWWCNrO+5TnfvSpdfRRXtdD25qSWamRqMjB0dhs7OfufTp94nV3kPfwrri5xspkIChvskWw1QNzH+utkqOemBeL3H0rl1Zi9/Stf5iFSgjdCs4upgh267pgpJJwzrK982Uak2rMo1R7eHmkVdwTokFQWO9JV1kyrdPxhp5NcuLicLiASP66XbhIZ2DI6FxoV5CGeavnKsKm4Ycu2VnR2BCRPBgQ32s5B+RURF0XaQpV9r0OxiTeRuoX0=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_84CA4DD0387746A0877243F35BB788A3ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1c19669c-e16d-44a4-6c49-08d760fcb439
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2019 07:57:56.7122 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mroOzLf9USBBpbqtr6NBSg1yA+IohpAhcsiLYEEOaSGTw4fjSdFJRXShMLaS290Xf7s5L8bj+aDtmIFOQd5h4TMef1zpKBO8+6Y4VUhEYNw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB5296
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/Stz_dPPsDmw7r0md17JrWjUTE_c>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 07:58:04 -0000

Hi,

>I am not sure I am following, What do you mean by "challenge response not being provided"?

The response to the challenge provided by the server.

If you think it is unclear, maybe something like:

“A parameter with an empty value (empty string) is allowed when the UAC has not yet received a challenge."

Regards,

Christer






On Sun, Nov 3, 2019 at 1:53 PM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:
Hi,

I am fine with the suggestion, but instead of talking about an algorithm not being provided I would like to talk about a *challenge response* not being provided.

Regards,

Christer


________________________________
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com<mailto:rifaat.ietf@gmail.com>>
Sent: Sunday, November 3, 2019 12:01 PM
To: Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>>
Cc: Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>; sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org> <sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>>; draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org> <draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>; The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; SIPCORE <sipcore@ietf.org<mailto:sipcore@ietf.org>>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)

Alexey, Christer,

How about the following:
1. Change the ABNF to "request-digest = LDQUOT *LHEX RDQUOT"
2. Change the text below it to say "The number of hex digits is implied by the length of the value of the algorithm used, with the minimum size of 32. A parameter with an empty value (empty string) is allowed when the algorithm is not specified.""

Regards,
 Rifaat

On Fri, Nov 1, 2019 at 6:10 AM Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>> wrote:

On 1 Nov 2019, at 07:09, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:

Hi,



>I do not have a strong opinion here.

>

>Anybody has an opinion or thoughts about adding such a text?



In addition we’d obviously also change the ABNF back, to allow empty values.

If the ABNF is changed back for this, I think some extra text would be useful.




Regards,



Christer









On Thu, Oct 31, 2019 at 1:50 PM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:

Something like this:



“In some cases a UAC needs to include an Authorization header field in a request before it has received a challenge, in order to provide user information (using the ‘userinfo’ header field parameter) that is needed in order to create the challenge. An example of such case is when the HTTP Digest Authentication Using AKA mechanism (RFC3310) (RFC4169) is used. In such case the Authorization header field would typically not contain a ‘response’ header field parameter before a challenge response is provided. However, for the IP Multimedia Subsystem (IMS) it has been specified that the Authorization header field in such case does contain a  ‘response’ header field parameter, with an empty value (empty string). For that reason the modified request-digest ABNF allows such empty values.”



Regards,



Christer





From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com<mailto:rifaat.ietf@gmail.com>>
Date: Thursday, 31 October 2019 at 19.22
To: Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>
Cc: Christer Holmberg <christer.holmberg=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>>, "sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>" <sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>>, "draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>" <draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>, "iesg@ietf.org<mailto:iesg@ietf.org>" <iesg@ietf.org<mailto:iesg@ietf.org>>, "sipcore@ietf.org<mailto:sipcore@ietf.org>" <sipcore@ietf.org<mailto:sipcore@ietf.org>>, Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)



Can you propose some text?



Thanks,

 Rifaat





On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:

Hi,



Perhaps we could add some text about the IMS use-case, in order to explain the empty value?



Regards,



Christer



From: sipcore <sipcore-bounces@ietf.org<mailto:sipcore-bounces@ietf.org>> on behalf of Christer Holmberg <christer.holmberg=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>>
Date: Thursday, 31 October 2019 at 15.52
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com<mailto:rifaat.ietf@gmail.com>>
Cc: "sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>" <sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>>, "draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>" <draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>, "iesg@ietf.org<mailto:iesg@ietf.org>" <iesg@ietf.org<mailto:iesg@ietf.org>>, "sipcore@ietf.org<mailto:sipcore@ietf.org>" <sipcore@ietf.org<mailto:sipcore@ietf.org>>, Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)



Hi,



>This IMS behavior would have been in violation of RFC3261 which specified exactly 32 Hex characters.

>So, this change should not make much of a difference in this case.



In reality it probably doesn’t make a difference, but it would make the IMS procedures “aligned” with the IETF spec.



Regards,



Christer









On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:



Hi,



The reason for the empty value comes from IMS and AKA, where you need to include the user id already in the initial REGISTER request (this seems to be missing from RFC 3310, but that’s a separate topic) in order for the server to create the challenge,  meaning that in the initial REGISTER request you include an Authorization header field with the username parameter carrying the IMS private user identity, the realm parameter and the uri parameter. At this point you obviously don’t yet have the response, so in IMS it is specified that the response parameter is inserted with an empty value.



WHY it was specified that way (instead of simply not including the response parameter) I don’t know, but I do know that it has been implemented and deployed that way for many years.



Regards,



Christer





From: sipcore <sipcore-bounces@ietf.org<mailto:sipcore-bounces@ietf.org>> on behalf of Rifaat Shekh-Yusef <rifaat.ietf@gmail.com<mailto:rifaat.ietf@gmail.com>>
Date: Thursday, 31 October 2019 at 15.20
To: Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>>
Cc: "sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>" <sipcore-chairs@ietf.org<mailto:sipcore-chairs@ietf.org>>, "draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>" <draft-ietf-sipcore-digest-scheme@ietf.org<mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>, "iesg@ietf.org<mailto:iesg@ietf.org>" <iesg@ietf.org<mailto:iesg@ietf.org>>, "sipcore@ietf.org<mailto:sipcore@ietf.org>" <sipcore@ietf.org<mailto:sipcore@ietf.org>>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)



Done.



On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>> wrote:

On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote:

Hi Alexey,



I am fine with Paul's suggestion.

Are you ok with "32*LHEX"?

Yes!



Thank you,

Alexey



Regards,

 Rfaat





On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>> wrote:



Hi Rifaat,



On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote:

Thanks Alexey!



I am fine with the first two comments, and will fix these in the coming version of the document.



I am not sure I follow the 3rd one. Why do you see the need for a minimum number of hex digits?

You do say that the number of hex digits match the hash lenght, so it is probably Ok. However empty value is never valid (and I am worried it might hit some boundary condition bug in implementations), so prohibiting it in ABNF would be the best.



Best Regards,

Alexey



Regards,

 Rifaat







On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:

Alexey Melnikov has entered the following ballot position for

draft-ietf-sipcore-digest-scheme-12: No Objection



When responding, please keep the subject line intact and reply to all

email addresses included in the To and CC lines. (Feel free to cut this

introductory paragraph, however.)





Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html

for more information about IESG DISCUSS and COMMENT positions.





The document, along with other ballot positions, can be found here:

https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/







----------------------------------------------------------------------

COMMENT:

----------------------------------------------------------------------



I am agreeing with Alissa's DISCUSS.



Also, I have a few comments of my own:



1) Last para of Section 2.1:



2.1.  Hash Algorithms



   A UAS prioritizes which algorithm to use based on the ordering of the

   challenge header fields in the response it is preparing.



This looks either wrong or confusing to me. I think you are just saying here

that the order is decided by the server at this point.



   That

   process is specified in section 2.3 and parallels the process used in

   HTTP specified by [RFC7616].



So based on the above, my suggested replacement for both sentences:



   A UAS prioritizes which algorithm to use based on its policy,

   which is specified in section 2.3 and parallels the process used in

   HTTP specified by [RFC7616].



2) Last para of Section 2.4:



   If the UAC cannot respond to any of the challenges in the response,

   then it SHOULD abandon attempts to send the request unless a local

   policy dictates otherwise.



Is trying other non Digest algorithms covered by "SHOULD abandon"?

If yes, maybe you should make this clearer.



   For example, if the UAC does not have

   credentials or has stale credentials for any of the realms, the UAC

   will abandon the request.



3) In Section 2.7:



      request-digest = LDQUOT *LHEX RDQUOT



This now allows empty value. I suggest you specify a minimum number of hex

digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX".

v2.23.0 | Report a Bug | By Email