IETF Logo Mail Archive

Re: [sipcore] draft-ietf-sipcore-digest-scheme comments

Christer Holmberg <christer.holmberg@ericsson.com> Sat, 25 May 2019 14:53 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A3BF120006 for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 07:53:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fju0jiMN1YlJ for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 07:53:11 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0619.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::619]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C37C4120044 for <sipcore@ietf.org>; Sat, 25 May 2019 07:53:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MBL2ye8E+8a+n/MoB0uMkJpDlE8bVOol6BjxS8SaFJo=; b=o7f/W0A6dPefQ/cBWynnykbqUkNWmbro0x7mMJpKqbvIVRGSs5fnCOw/u2cOPLRYIA63lsGiQPdVQ5xL3+80icYPvTdQVkDqLMw3MuNzMvTjkl2zEv+NAHi2WrDMrSXoS0UxmYJUjBi2OoQTmWCDa0sAc2cqk6FXzXG4mHBPsyQ=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB4316.eurprd07.prod.outlook.com (20.176.167.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1943.13; Sat, 25 May 2019 14:53:07 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321%6]) with mapi id 15.20.1922.016; Sat, 25 May 2019 14:53:07 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: "Olle E. Johansson" <oej@edvina.net>, SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] draft-ietf-sipcore-digest-scheme comments
Thread-Index: AQHVDLXhQrBFZP79BUqVpCNPfRzS+KZxOB6AgAJLmwCAAqM3AIAFmuiAgABqJQA=
Date: Sat, 25 May 2019 14:53:07 +0000
Message-ID: <98D9E38D-4EA3-4F55-B37D-5334FA42F362@ericsson.com>
References: <DE595AFF-5DEA-4A32-8527-10B841D6C7C1@edvina.net> <CAGL6epLMHoneH6PNgeF5TgJhveh-xWeZSW6XQDBB2Gf5mS9eRQ@mail.gmail.com> <C1431DCD-C4DD-4BFA-9C5D-E4DFE7B0F2DA@edvina.net> <B4A08741-A092-480C-AE12-2DD25D7835D0@ericsson.com> <CAGL6epJTv+Dytk_VHNi4Sk0mimVj=cMqWR4u9uSg1q+RcUQJ_Q@mail.gmail.com>
In-Reply-To: <CAGL6epJTv+Dytk_VHNi4Sk0mimVj=cMqWR4u9uSg1q+RcUQJ_Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.19.0.190512
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [178.55.236.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 14cd49b6-faa0-4461-575e-08d6e120b2e8
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600148)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR07MB4316;
x-ms-traffictypediagnostic: HE1PR07MB4316:
x-microsoft-antispam-prvs: <HE1PR07MB43164A81171543E25F6583AA93030@HE1PR07MB4316.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0048BCF4DA
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(366004)(136003)(396003)(376002)(346002)(199004)(189003)(18543002)(14454004)(476003)(14444005)(486006)(11346002)(83716004)(2616005)(71200400001)(71190400001)(446003)(6116002)(3846002)(5660300002)(478600001)(82746002)(316002)(68736007)(36756003)(6246003)(53936002)(256004)(44832011)(86362001)(4326008)(6512007)(73956011)(6506007)(229853002)(66476007)(76116006)(8676002)(66556008)(54906003)(64756008)(66446008)(66946007)(66066001)(58126008)(26005)(186003)(6486002)(6436002)(102836004)(2906002)(33656002)(6916009)(99286004)(25786009)(81166006)(81156014)(305945005)(76176011)(7736002)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4316; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: I5fgrUsA4Ak9BR6OunQWGyT78Mtw7P5jp+hlXWe7jVjwsVSSG4yZftEflox9ZeLSGRjBIrmvtXdxf+uH0EeO/bF6HqsvwgtKZnRE6BzBV5KnNxdvecBkSrK8IuQO4NpVJ8S7FlaGdQh+Q3fANM/6YVXXsI5LHDyVRcmdJbWWQWn+KTjIrrmuoFF4AlKmPYVqBRVT40G2YJ8wKFwRw+G0V8o1WuAYbvIJV1yY5TkvKGEWUkFd9QbY5sqSSBwnfjkYJD4sTQAwtN8kbhsLrX9U/MMxU2PjRfYHaDHTpvzb2ZAROovMtAqVEgTRcGQJZLZtV2bTnzvZ90bzdVygxkfggydg7vqdnQ5k5eTHmHUvAo6FQNr/zudLDELOBuQOX4HStNVsrloehKnAFJ1Q97PC6X/0ZcGp/2gPgB5KcVAD7VE=
Content-Type: text/plain; charset="utf-8"
Content-ID: <AE98BF444A75BB44A3D328AA85027673@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 14cd49b6-faa0-4461-575e-08d6e120b2e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 May 2019 14:53:07.4489 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: christer.holmberg@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4316
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/cXOw1JCt85yLHZ7H3yFgw2TLcow>
Subject: Re: [sipcore] draft-ietf-sipcore-digest-scheme comments
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 May 2019 14:53:14 -0000

Hi,
 
>>>> Section 2.1:
>>>> 
>>>> "Note that [RFC7616] defines a -sess variant for each algorithm; the
>>>>   -sess variants are not used with SIP.”
>>>>
>>>> Is this already forbidden in 3261 or is this new proposed language? If so, “are not” should propably
>>>> be something like “MUST not”
>>>
>>> I do not think that 3261 forbids the -sess variant, and I do not see the need to forbid it here either
>>> So then I suggest we remove the statement that the -sess variants are not used with SIP.
>>>
>>> If -sess variant was defined in RFC 7616, it was obviously not mentioned in RFC 3261 __
>>
>> What is the difference between the session variant and the non-session variant? What is meant by "session"? RFC 7616 doesn't give any explanation, and I couldn't find anything by googling either.
>
> See RFC 7616, section 3.4.2 for more details.
>
>> I do think we need to say *something*.
>
> Any suggestion?

Not at the moment. But, if allowing both adds something new to what is currently defined/assumed in RFC 3261 I think it would be good to point it out.
 
... 

>>> Section 2.4:
>>>
>>> "When the UAC receives a response with multiple header fields with the
>>>   same realm it SHOULD use the topmost header field that it supports,
>>>   unless a local policy dictates otherwise.”
>>>
>>> Why a SHOULD? I would prefer a MUST.
>>
>> I can do that, but the last part of this paragraph states that local policy can override this recommendations anyway.
>> So, does it make any difference?
>> Should we allow that? Why would local policy enforce a downgrade?
>>
>>> “When the UAC receives a 401 response with multiple WWW-Authenticate
>>>   header fields with different realms it SHOULD retry and include an
>>>   Authorization header field containing credentials that match the
>>>   topmost header field of any one of the realms.”
>>>
>>> If you are disallowing multiple Authorization headers for the same realm,
>>> but with different algorithms I think this should be clearly written. In my
>>> view, that would be a good thing.
>>
>> This is allowed.
>
> RFC 3261 does not say anything about using the topmost header, does it?
>
> I was referring to this document.

So, the should-use-topmost is something new, defined in this document?

Regards,

Christer

v2.23.0 | Report a Bug | By Email