Re: [sipcore] SIP Digest - Open Issue

"Asveren, Tolga" <tasveren@sonusnet.com> Thu, 09 March 2017 19:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/hJo6zdcnbZQL_adgJw7xUFvoauE>

i- I think it needs to be handled. It may have a cohort of anti-fans but forking is part of RFC3261 and should be covered for any scenario/new mechanism.

ii- I am not sure whether “UAC responds with the ones it supports” is the right approach. New/updated implementations may follow that advice but what about existing UACs? I think there may be a need to define a new option-tag indicating support for SHA*. If that is not present, only MD5 should be used. And actually this comment is applicable for any scenario, not just for forking. For forking, aggregation should consider the option-tag.

iii- UAC supporting SHA* and receiving challenges for both MD5/SHA* should reply for both of them. Authorization headers should be ordered based on the order of the received WWW/Proxy-Authenticate headers if challenges for both MD5/SHA* are received for the same realm. This would be needed if forking happens and one of the forked challengers supports only MD5. Forking proxy should send only MD5 Authorization header to such an entity.

iv- In general, I don’t think there is a need to repeat “Updates to HTTP” etc…, which are already present in RFC3261.

Thanks,
Tolga

From: sipcore [mailto:sipcore-bounces@ietf.org] On Behalf Of Rifaat Shekh-Yusef
Sent: Thursday, March 9, 2017 9:04 AM
To: sipcore@ietf.org
Subject: [sipcore] SIP Digest - Open Issue

Hi,

There is an open issue around the Digest draft and I would like to get some thoughts from the WG about it:
https://datatracker.ietf.org/doc/draft-yusef-sipcore-digest-scheme/

The issue is related to section 2.5 Forking:
Is this a real use case? If so, the current text calls for the proxy to aggregate the responses and for the UAC to respond to the ones it supports; is this a reasonable approach?

Appreciate any thoughts about this.

Regards,
 Rifaat
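
The behaviour proposed in point iii of the reply above, as an added example that is not part of the thread or of the draft: a UAC answers every challenge whose algorithm it supports, in the order received, and a forking proxy forwards to each branch only the credentials that branch can verify. The function names, the dict layout, the sample realm, nonces and password are constructed for illustration; only qop=auth is handled, and the proxy is assumed to know each branch's algorithms from the challenges it aggregated.

```python
import hashlib

# Digest algorithm tokens mapped to hashlib names.
HASHES = {"MD5": "md5", "SHA-256": "sha256"}

def _h(alg, text):
    return hashlib.new(HASHES[alg], text.encode()).hexdigest()

def digest_response(ch, user, password, method, uri, cnonce, nc="00000001"):
    """qop=auth response for one challenge, hashed with that challenge's algorithm."""
    alg = ch["algorithm"]
    ha1 = _h(alg, f"{user}:{ch['realm']}:{password}")
    ha2 = _h(alg, f"{method}:{uri}")
    return _h(alg, f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")

def answer_challenges(challenges, supported, user, password, method, uri, cnonce):
    """UAC side: answer each supported challenge, keeping the received order."""
    return [
        {"realm": ch["realm"], "algorithm": ch["algorithm"], "nonce": ch["nonce"],
         "response": digest_response(ch, user, password, method, uri, cnonce)}
        for ch in challenges if ch["algorithm"] in supported
    ]

def credentials_for_branch(creds, branch_algorithms):
    """Forking proxy side: forward only what this branch's challenger can verify."""
    return [c for c in creds if c["algorithm"] in branch_algorithms]

# Constructed sample: an aggregated 401 carrying two challenges for the same realm.
CHALLENGES = [
    {"realm": "example.com", "algorithm": "SHA-256", "nonce": "constructed-nonce-a"},
    {"realm": "example.com", "algorithm": "MD5", "nonce": "constructed-nonce-b"},
]
ARGS = ("alice", "constructed-password", "INVITE", "sip:bob@example.com", "0a4f113b")

if __name__ == "__main__":
    updated = answer_challenges(CHALLENGES, {"MD5", "SHA-256"}, *ARGS)
    legacy = answer_challenges(CHALLENGES, {"MD5"}, *ARGS)
    print([c["algorithm"] for c in updated])   # both, in challenge order
    print([c["algorithm"] for c in legacy])    # an MD5-only UAC skips SHA-256
    print(credentials_for_branch(updated, {"MD5"}))
```

An MD5-only branch in this sketch never sees the SHA-256 credential, which is the case point iii raises for forked challengers that support only MD5.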