IETF Logo Mail Archive

Re: [sipcore] draft-ietf-sipcore-digest-scheme comments

Christer Holmberg <christer.holmberg@ericsson.com> Sat, 25 May 2019 16:31 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 705E61200E0 for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 09:31:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FB4Y9FKPP7_i for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 09:31:08 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20041.outbound.protection.outlook.com [40.107.2.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EB7D1200CE for <sipcore@ietf.org>; Sat, 25 May 2019 09:31:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZB1lfW3AOvef85vHRvu/hTc+X/J6yupzCP3/2yApcKk=; b=eXLYF2JbC/Ww+pd/UViGjREaQk9T2OEbUgZs0NMi4Tlvly504SDtG0vvnw3cbatWDTiTM2flkpU19///nA1gG//DoIY3ku6Dy8p3xgk8UplxAJR9EFg7jx1QIf8mUG2Ddv5vSylDBx6qVVGpVljxcFmbgiVQnDxvjgoHfjYBUUs=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3130.eurprd07.prod.outlook.com (10.170.245.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1943.12; Sat, 25 May 2019 16:31:05 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321%6]) with mapi id 15.20.1922.016; Sat, 25 May 2019 16:31:05 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: "Olle E. Johansson" <oej@edvina.net>, SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] draft-ietf-sipcore-digest-scheme comments
Thread-Index: AQHVDLXhQrBFZP79BUqVpCNPfRzS+KZxOB6AgAJLmwCAAqM3AIAFmuiAgABqJQD//9GFAIAASdoA
Date: Sat, 25 May 2019 16:31:05 +0000
Message-ID: <2BD32E4F-AA3F-4C61-BE9F-037353FA4083@ericsson.com>
References: <DE595AFF-5DEA-4A32-8527-10B841D6C7C1@edvina.net> <CAGL6epLMHoneH6PNgeF5TgJhveh-xWeZSW6XQDBB2Gf5mS9eRQ@mail.gmail.com> <C1431DCD-C4DD-4BFA-9C5D-E4DFE7B0F2DA@edvina.net> <B4A08741-A092-480C-AE12-2DD25D7835D0@ericsson.com> <CAGL6epJTv+Dytk_VHNi4Sk0mimVj=cMqWR4u9uSg1q+RcUQJ_Q@mail.gmail.com> <98D9E38D-4EA3-4F55-B37D-5334FA42F362@ericsson.com> <CAGL6epL7y0jiOqBdt3UOkx31ueQofh-W8vPwjvOUZhHZsaDq3A@mail.gmail.com>
In-Reply-To: <CAGL6epL7y0jiOqBdt3UOkx31ueQofh-W8vPwjvOUZhHZsaDq3A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.19.0.190512
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [178.55.236.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 33ae2616-6674-485e-18d7-08d6e12e6231
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600148)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR07MB3130;
x-ms-traffictypediagnostic: HE1PR07MB3130:
x-microsoft-antispam-prvs: <HE1PR07MB3130E4BC14BA603552A7F03B93030@HE1PR07MB3130.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0048BCF4DA
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(39860400002)(346002)(136003)(396003)(189003)(199004)(18543002)(8936002)(73956011)(99286004)(4326008)(76116006)(7736002)(66066001)(478600001)(305945005)(6246003)(316002)(81166006)(53936002)(58126008)(71190400001)(26005)(71200400001)(86362001)(83716004)(14454004)(76176011)(6506007)(54906003)(102836004)(66476007)(66446008)(64756008)(66556008)(66946007)(25786009)(8676002)(6916009)(81156014)(5660300002)(36756003)(3846002)(6512007)(11346002)(486006)(82746002)(2616005)(44832011)(6436002)(6486002)(476003)(446003)(229853002)(14444005)(256004)(186003)(6116002)(68736007)(33656002)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3130; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: PXSpHbQPrDNjIHjzxG4z3QB/RdIpk4igT/uVTUGUhZTr9FL7pL0eP5QQkEOv2ICNTlXsxJzSm3wJlMNN/OTGYbF/6eh5FpXlC5lf+4KE4YamB+0UlpXiX+4SellSdZY0/HacqbUMXbiAox+HGmOWs64xxcjIuoR88txTwf3gkBF8t3z7VO0BHQWHhtZerhxfoorH3L+QbTV7s3ky7VwotE8PXNwMKKumxAp7jFA4STFvHfq3tqSC4hYFAWdG0rc+vQdhq/jlpeEqhgKNr8Ab0ZSABXcJbz6rs//BJv+eUMxDI7Wl1D12y2skzhWDShVrVJUW0eV77+m+u3Tm/iA9gJQzoGj3MFRASs8S+qiiDa/rRQniVbSc94MSGMsXb0y2wsvXt8WUvHMrT9/KqY4IOXoqLbBA46IR5awSXyNtsNI=
Content-Type: text/plain; charset="utf-8"
Content-ID: <F4017B7C0CA8614ABF2E4FE88E3810B6@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 33ae2616-6674-485e-18d7-08d6e12e6231
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 May 2019 16:31:05.0384 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: christer.holmberg@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3130
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/pvI0itnQbxIQkM2itei9K3ZTsfY>
Subject: Re: [sipcore] draft-ietf-sipcore-digest-scheme comments
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 May 2019 16:31:11 -0000

Hi,
  
... 

>>>>> Section 2.4:
>>>>>
>>>>> "When the UAC receives a response with multiple header fields with the
>>>>>   same realm it SHOULD use the topmost header field that it supports,
>>>>>   unless a local policy dictates otherwise.”
>>>>>
>>>>> Why a SHOULD? I would prefer a MUST.
>>>>
>>>> I can do that, but the last part of this paragraph states that local policy can override this recommendations anyway.
>>>> So, does it make any difference?
>>>> Should we allow that? Why would local policy enforce a downgrade?
>>>>
>>>>> “When the UAC receives a 401 response with multiple WWW-Authenticate
>>>>>   header fields with different realms it SHOULD retry and include an
>>>>>   Authorization header field containing credentials that match the
>>>>>   topmost header field of any one of the realms.”
>>>>>
>>>>> If you are disallowing multiple Authorization headers for the same realm,
>>>>> but with different algorithms I think this should be clearly written. In my
>>>>> view, that would be a good thing.
>>>>
>>>> This is allowed.
>>>
>>> RFC 3261 does not say anything about using the topmost header, does it?
>>>
>>> I was referring to this document.
>>
>> So, the should-use-topmost is something new, defined in this document?
>
> Yes, as per RFC7616.

Perhaps then say "As defined in RFC7617,...."

And, perhaps mention it in section 2, where the changes are listed.

Also, as the remote peer may not have implemented the draft, I think it would be good to point out that one must not assume that the peer will use the topmost header, even if it supports the algorithm in the topmost header.

Regards,

Christer

v2.23.0 | Report a Bug | By Email