Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Thu, 31 October 2019 22:43 UTC

From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Thu, 31 Oct 2019 18:42:59 -0400
Message-ID: <CAGL6epLx41pGbvzRO-u6UydURirQ6LyOQoiPhC+qOD5gu0EVdQ@mail.gmail.com>
To: Maxim Sobolev <sobomax@sippysoft.com>
Cc: SIPCORE <sipcore@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/r46Cv_s19GevwprTuhdOqPBlSDY>

Hi Maxim,

I will address the first comment in the next version of the document.

With regards to the second comment, where do you see that RFC7616 requires
that you use the same nonce for all alternatives?

Regards,
 Rifaat


On Thu, Oct 31, 2019 at 1:37 PM Maxim Sobolev <sobomax@sippysoft.com> wrote:

> Hi, I am new here, so not sure what the proper process is, but there are
> a few comments I have with regards to the proposed RFC:
>
> 1. In the Abstract section there is a phrase "the broken MD5 algorithm". I
> think "broken" might be a bit strong and emotionally charged. There is
> nothing broken about MD5 as far as a hashing algorithm is concerned. It is
> proven to be not very secure in this day and age, but given the right
> amount of time any of today's algorithms would probably be in that category.
>
> 2. Would be nice to have some examples, especially WRT multiple
> alternative algorithms. What I don't like about RFC7616 (which this RFC
> builds upon), though, is that they appear to suggest using the same nonce
> for all alternatives. Is it really required for the functionality or not?
> For the same amount of network BW used, you may provide more random bits
> and make attacker's life maybe a bit harder. Also, I am not a security
> expert, but it appears intuitively correct that a hash function with a
> longer output might require more salt bits, so you might actually save some
> BW by supplying each algorithm with just the right amount of randomness
> this way.
>
> Thanks!
>
> -Max
>
> On Thu, Oct 31, 2019 at 6:20 AM <internet-drafts@ietf.org> wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Session Initiation Protocol Core WG of
>> the IETF.
>>
>>         Title           : The Session Initiation Protocol (SIP) Digest Authentication Scheme
>>         Author          : Rifaat Shekh-Yusef
>>         Filename        : draft-ietf-sipcore-digest-scheme-14.txt
>>         Pages           : 9
>>         Date            : 2019-10-31
>>
>> Abstract:
>>    This document updates RFC 3261 by updating the Digest Access
>>    Authentication scheme used by the Session Initiation Protocol (SIP)
>>    to add support for more secure digest algorithms, e.g., SHA-256 and
>>    SHA-512-256, to replace the broken MD5 algorithm.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-14
>> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-14
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-14
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>
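
Added example, not part of the thread or of the draft: a sketch of the multiple-algorithm case discussed above, in which a server issues one Digest challenge per algorithm, each with its own nonce, and accepts a response only when the nonce was issued for the algorithm the client claims. The response formula is the RFC 7616 `qop=auth` computation; the `Server` class, the `answer` helper, the credentials and the "first supported challenge" selection policy are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hash functions for two of the digest algorithms named in the thread.
ALGS = {"SHA-256": hashlib.sha256, "MD5": hashlib.md5}

def H(alg, text):
    return ALGS[alg](text.encode()).hexdigest()

def digest_response(alg, user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 7616 response for qop=auth with a non-session algorithm."""
    ha1 = H(alg, f"{user}:{realm}:{password}")
    ha2 = H(alg, f"{method}:{uri}")
    return H(alg, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class Server:
    """Hypothetical verifier: one challenge per algorithm, each with its own nonce."""
    def __init__(self, realm, users, preference=("SHA-256", "MD5")):
        self.realm, self.users, self.preference = realm, users, preference
        self.issued = {}  # nonce -> algorithm it was issued for

    def challenges(self):
        out = []
        for alg in self.preference:  # most preferred algorithm first
            nonce = secrets.token_hex(16)
            self.issued[nonce] = alg
            out.append({"realm": self.realm, "algorithm": alg, "nonce": nonce, "qop": "auth"})
        return out

    def verify(self, method, cred):
        # Reject a nonce that was never issued or was issued for another algorithm.
        if self.issued.get(cred["nonce"]) != cred["algorithm"]:
            return False
        password = self.users.get(cred["username"])
        if password is None:
            return False
        expected = digest_response(cred["algorithm"], cred["username"], self.realm, password,
                                   method, cred["uri"], cred["nonce"], cred["nc"], cred["cnonce"])
        return hmac.compare_digest(expected, cred["response"])

def answer(challenges, supported, user, password, method, uri):
    """Client side (assumed policy): answer the first challenge with a supported algorithm."""
    ch = next(c for c in challenges if c["algorithm"] in supported)
    nc, cnonce = "00000001", secrets.token_hex(8)
    resp = digest_response(ch["algorithm"], user, ch["realm"], password, method, uri,
                           ch["nonce"], nc, cnonce)
    return {"username": user, "uri": uri, "algorithm": ch["algorithm"],
            "nonce": ch["nonce"], "nc": nc, "cnonce": cnonce, "response": resp}
```

The sketch does not track nonce expiry or `nc` reuse; a deployed verifier would need both.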