IETF Logo Mail Archive

Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)

Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 04 November 2019 14:29 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D07B120147 for <sipcore@ietfa.amsl.com>; Mon, 4 Nov 2019 06:29:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TrvCJj6Xjebd for <sipcore@ietfa.amsl.com>; Mon, 4 Nov 2019 06:29:22 -0800 (PST)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-eopbgr740071.outbound.protection.outlook.com [40.107.74.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D20F41200F4 for <sipcore@ietf.org>; Mon, 4 Nov 2019 06:29:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VEMquWNRahQHPF/H+CpHHQVs/46wxHHHJrCbLjot3gNSHAFDAtagNJGfo0Ch4Bp/5btAzpFxNGH3Sqnj5gSKZXEdGbrrvw2u9EP9MDGeC5futuh4j8HxEk2naroisJFA7uSA6IkDykV5EG1U+B+BA8ntVTBDCOcp1eRLw59lYJn20Uro/sApEerx6L50XiAcBqw5ypl1Kt4IvY7E45Q1VbrHjKL5xmpfORlH/uLkt4NKKmzs+uMt0g2rzFwXIBW8vnnnkWG3Zt4KI/gPyMut70YonrlKUGhT0i+8zactezHzv9elbG4Xru3kvLW+mKPB++JA/utASWHN2HU3XQMP1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EPIcxnIHHgzufK+yldYruvnLMqlLj58U1jY2CDCb6rs=; b=lgqqOYviP36QxfjqYndB7wvHVTn0oogmX62u2kXB8fz9OEUX07rP+FxUzKELmicohGYmEpH6XxQb7DScRwNFI2T7TPIQLgm1rpFqzqrwOaBOQb0cQWrEjZGgV8y0BHzGTYWm+NJNJWZk7Wzk+7eg71CXLJuzmxgYONZSCPQdFd2yBUYHQufh8gB39/mOuiDbx6O3lSf0xzQcUMnTo88SCqMQ4jxblUvrT5XGauTVgRXq/YgvB3H5wuQQaz4tTkJZNphVr81j5JIFMrow5PuWmQaO8Nivtl3sgT5pfBr3jzKric+zUyM2rjj9ro9TkbFmICcapbyEcROiSd6iIzSe5Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EPIcxnIHHgzufK+yldYruvnLMqlLj58U1jY2CDCb6rs=; b=c6C2jZJDSyY4LT3TKPT++PJkZ3qPofu6lnfj9DLSfDvpLK2tLyQcq0BtMEqihgxGWHBpRTb1hScY8/lgQlryMJh/ptXYBJ/1Ifo5Dnc25CMNr+WvLXF+gSgFQ6gafGKzTH8ryO3vi7exXlIuMAbyggcBEqWpuTEPnbv7OmAFa8M=
Received: from CY4PR12CA0028.namprd12.prod.outlook.com (2603:10b6:903:129::14) by CY4PR12MB1688.namprd12.prod.outlook.com (2603:10b6:910:8::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Mon, 4 Nov 2019 14:29:14 +0000
Received: from SN1NAM02FT019.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e44::204) by CY4PR12CA0028.outlook.office365.com (2603:10b6:903:129::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.24 via Frontend Transport; Mon, 4 Nov 2019 14:29:13 +0000
Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by SN1NAM02FT019.mail.protection.outlook.com (10.152.72.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Mon, 4 Nov 2019 14:29:13 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id xA4ET9Mi008449 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for <sipcore@ietf.org>; Mon, 4 Nov 2019 09:29:10 -0500
To: sipcore@ietf.org
References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <CAGL6epLQS9xqHybZLTk1qM4i_LaDWVk8-iF0-0e_osf271R_Rg@mail.gmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <CAGL6epLrJYPaaYwFQjP8Lk3Uc3PUogtfPyxE5FsoTMJs3GvsgA@mail.gmail.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> <CAGL6epLp=x+Z3g+BZAYsmOob1pkchnvRObnJ7JfTSWES8xaEmA@mail.gmail.com> <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> <CAGL6epJToAGBnvxNO0kTu74AtTL7eSqvsRyemKRt4=RBgU8z8g@mail.gmail.com> <7D911FFD-814F-4DCF-A13E-C3E19A5D0EE5@ericsson.com> <064B1BB7-6D54-453B-B58B-527EC3B9D78D@fastmail.fm> <CAGL6ep+b77z=W8ig6b5yzPAYir4rdAk8YTRbW58xkw0QRHgnNA@mail.gmail.com> <HE1PR07MB31611E03B4AE9575E9C224D8937C0@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAGL6epLH0ioOP2ZK5nv-awwZbCciV8hyQcYKWXE6XM9xt-YWwg@mail.gmail.com> <84CA4DD0-3877-46A0-8772-43F35BB788A3@ericsson.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <cd6ddae6-df5e-cec7-091a-22d3de264b02@alum.mit.edu>
Date: Mon, 04 Nov 2019 09:29:09 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <84CA4DD0-3877-46A0-8772-43F35BB788A3@ericsson.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(376002)(346002)(136003)(396003)(39860400002)(189003)(199004)(18543002)(106002)(47776003)(229853002)(76130400001)(186003)(65806001)(2486003)(486006)(476003)(86362001)(966005)(478600001)(75432002)(6306002)(6246003)(8936002)(65956001)(30864003)(356004)(5660300002)(246002)(8676002)(2870700001)(88552002)(7596002)(50466002)(53546011)(26005)(126002)(316002)(2616005)(305945005)(14444005)(70586007)(26826003)(70206006)(2906002)(2351001)(31696002)(58126008)(31686004)(36906005)(786003)(446003)(11346002)(336012)(6916009)(956004)(76176011)(2361001)(23676004); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1688; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 6203934e-044e-4fe7-3f43-08d761335d8e
X-MS-TrafficTypeDiagnostic: CY4PR12MB1688:
X-MS-Exchange-PUrlCount: 3
X-Microsoft-Antispam-PRVS: <CY4PR12MB1688C5EA14CCA067C97FE92FF97F0@CY4PR12MB1688.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 0211965D06
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: mAl7TRFrW9pkY2iVCGc5CqEC3EJQVyteG/enWtixGmsb7gRmA9qhv0aIudfas2+fO9iK0vd1PjyAEoavZt8ITjSNuds1ZJtthLlboDC54Ll6uZdakDFU1kEakRDc+GlT9x5Y5WMX3lh9Sgj3t26WkEQHRQfgydk2+3MQkV5tyVvFRhYNIKualYCVTfRrCKbsdu/jHPAubNVl4qdKOVzz7KzZ0afTJyAZcfdZsGWFZ0y/h931n3q4FxE/FFD4EY19GhQbsy2ALcGYvifBnLNEqLvZCSTMT29WCIaJnx/xc+09BUljXv7O0vbmp0AbZYqBpOCrd3pFRxJnydjE/uhUAFYFj9baaO9r0DfUy/6Ke2leU6jjLywJ20M/cduVUMA//aINfZGVINqYbdlw4qS5iacNSWMelZSgi1iINR78QYlgxDlAs/MKN2Q2x4QbfoLRoz8QIGlw17XbUL2U+QJJBmtfK2yd9UI2Z2t4Nr4YPlo=
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Nov 2019 14:29:13.3371 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 6203934e-044e-4fe7-3f43-08d761335d8e
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1688
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/rB7vksWe19qaRimOgDR5YE7VATI>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 14:29:25 -0000

On 11/4/19 2:57 AM, Christer Holmberg wrote:
> Hi,
> 
>>I am not sure I am following, What do you mean by "challenge response not being provided"?
> 
> The response to the challenge provided by the server.
> 
> If you think it is unclear, maybe something like:
> 
> “A parameter with an empty value (empty string) is allowed when the UAC 
> has not yet received a challenge."

I'm confused. When is this behavior appropriate and what does it mean?

	Thanks,
	Paul

> Regards,
> 
> Christer
> 
> On Sun, Nov 3, 2019 at 1:53 PM Christer Holmberg 
> <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> 
> wrote:
> 
>     Hi,
> 
>     I am fine with the suggestion, but instead of talking about an
>     algorithm not being provided I would like to talk about a *challenge
>     response* not being provided.
> 
>     Regards,
> 
>     Christer
> 
>     ------------------------------------------------------------------------
> 
>     *From:*Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
>     <mailto:rifaat.ietf@gmail.com>>
>     *Sent:* Sunday, November 3, 2019 12:01 PM
>     *To:* Alexey Melnikov <aamelnikov@fastmail.fm
>     <mailto:aamelnikov@fastmail.fm>>
>     *Cc:* Christer Holmberg <christer.holmberg@ericsson.com
>     <mailto:christer.holmberg@ericsson.com>>; sipcore-chairs@ietf.org
>     <mailto:sipcore-chairs@ietf.org> <sipcore-chairs@ietf.org
>     <mailto:sipcore-chairs@ietf.org>>;
>     draft-ietf-sipcore-digest-scheme@ietf.org
>     <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>
>     <draft-ietf-sipcore-digest-scheme@ietf.org
>     <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>; The IESG
>     <iesg@ietf.org <mailto:iesg@ietf.org>>; SIPCORE <sipcore@ietf.org
>     <mailto:sipcore@ietf.org>>
>     *Subject:* Re: [sipcore] Alexey Melnikov's No Objection on
>     draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
> 
>     Alexey, Christer,
> 
>     How about the following:
> 
>     1. Change the ABNF to "request-digest = LDQUOT *LHEX RDQUOT"
> 
>     2. Change the text below it to say "The number of hex digits is
>     implied by the length of the value of the algorithm used, with the
>     minimum size of 32. A parameter with an empty value (empty string)
>     is allowed when the algorithm is not specified.""
> 
>     Regards,
> 
>       Rifaat
> 
>     On Fri, Nov 1, 2019 at 6:10 AM Alexey Melnikov
>     <aamelnikov@fastmail.fm <mailto:aamelnikov@fastmail.fm>> wrote:
> 
>         On 1 Nov 2019, at 07:09, Christer Holmberg
>         <christer.holmberg@ericsson.com
>         <mailto:christer.holmberg@ericsson.com>> wrote:
> 
>             Hi,
> 
>             >I do not have a strong opinion here. 
> 
>             > 
> 
>             >Anybody has an opinion or thoughts about adding such a text?
> 
>             In addition we’d obviously also change the ABNF back, to
>             allow empty values.
> 
>         If the ABNF is changed back for this, I think some extra text
>         would be useful.
> 
>             Regards,
> 
>             Christer
> 
>             On Thu, Oct 31, 2019 at 1:50 PM Christer Holmberg
>             <christer.holmberg@ericsson.com
>             <mailto:christer.holmberg@ericsson.com>> wrote:
> 
>                 Something like this:
> 
>                 “In some cases a UAC needs to include an Authorization
>                 header field in a request before it has received a
>                 challenge, in order to provide user information (using
>                 the ‘userinfo’ header field parameter) that is needed in
>                 order to create the challenge. An example of such case
>                 is when the HTTP Digest Authentication Using AKA
>                 mechanism (RFC3310) (RFC4169) is used. In such case the
>                 Authorization header field would typically not contain a
>                 ‘response’ header field parameter before a challenge
>                 response is provided. However, for the IP Multimedia
>                 Subsystem (IMS) it has been specified that the
>                 Authorization header field in such case does contain a
>                   ‘response’ header field parameter, with an empty value
>                 (empty string). For that reason the modified
>                 request-digest ABNF allows such empty values.”
> 
>                 Regards,
> 
>                 Christer
> 
>                 *From: *Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
>                 <mailto:rifaat.ietf@gmail.com>>
>                 *Date: *Thursday, 31 October 2019 at 19.22
>                 *To: *Christer Holmberg <christer.holmberg@ericsson.com
>                 <mailto:christer.holmberg@ericsson.com>>
>                 *Cc: *Christer Holmberg
>                 <christer.holmberg=40ericsson.com@dmarc.ietf.org
>                 <mailto:40ericsson.com@dmarc.ietf.org>>,
>                 "sipcore-chairs@ietf.org
>                 <mailto:sipcore-chairs@ietf.org>"
>                 <sipcore-chairs@ietf.org
>                 <mailto:sipcore-chairs@ietf.org>>,
>                 "draft-ietf-sipcore-digest-scheme@ietf.org
>                 <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>"
>                 <draft-ietf-sipcore-digest-scheme@ietf.org
>                 <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>,
>                 "iesg@ietf.org <mailto:iesg@ietf.org>" <iesg@ietf.org
>                 <mailto:iesg@ietf.org>>, "sipcore@ietf.org
>                 <mailto:sipcore@ietf.org>" <sipcore@ietf.org
>                 <mailto:sipcore@ietf.org>>, Alexey Melnikov
>                 <aamelnikov@fastmail.fm <mailto:aamelnikov@fastmail.fm>>
>                 *Subject: *Re: [sipcore] Alexey Melnikov's No Objection
>                 on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
> 
>                 Can you propose some text?
> 
>                 Thanks,
> 
>                   Rifaat
> 
>                 On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg
>                 <christer.holmberg@ericsson.com
>                 <mailto:christer.holmberg@ericsson.com>> wrote:
> 
>                     Hi,
> 
>                     Perhaps we could add some text about the IMS
>                     use-case, in order to explain the empty value?
> 
>                     Regards,
> 
>                     Christer
> 
>                     *From: *sipcore <sipcore-bounces@ietf.org
>                     <mailto:sipcore-bounces@ietf.org>> on behalf of
>                     Christer Holmberg
>                     <christer.holmberg=40ericsson.com@dmarc.ietf.org
>                     <mailto:40ericsson.com@dmarc.ietf.org>>
>                     *Date: *Thursday, 31 October 2019 at 15.52
>                     *To: *Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
>                     <mailto:rifaat.ietf@gmail.com>>
>                     *Cc: *"sipcore-chairs@ietf.org
>                     <mailto:sipcore-chairs@ietf.org>"
>                     <sipcore-chairs@ietf.org
>                     <mailto:sipcore-chairs@ietf.org>>,
>                     "draft-ietf-sipcore-digest-scheme@ietf.org
>                     <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>"
>                     <draft-ietf-sipcore-digest-scheme@ietf.org
>                     <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>,
>                     "iesg@ietf.org <mailto:iesg@ietf.org>"
>                     <iesg@ietf.org <mailto:iesg@ietf.org>>,
>                     "sipcore@ietf.org <mailto:sipcore@ietf.org>"
>                     <sipcore@ietf.org <mailto:sipcore@ietf.org>>, Alexey
>                     Melnikov <aamelnikov@fastmail.fm
>                     <mailto:aamelnikov@fastmail.fm>>
>                     *Subject: *Re: [sipcore] Alexey Melnikov's No
>                     Objection on draft-ietf-sipcore-digest-scheme-12:
>                     (with COMMENT)
> 
>                     Hi,
> 
>                     >This IMS behavior would have been in violation of RFC3261 which specified exactly 32 Hex characters.
> 
>                     >So, this change should not make much of a difference in this case.
> 
>                     In reality it probably doesn’t make a difference,
>                     but it would make the IMS procedures “aligned” with
>                     the IETF spec.
> 
>                     Regards,
> 
>                     Christer
> 
>                     On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg
>                     <christer.holmberg@ericsson.com
>                     <mailto:christer.holmberg@ericsson.com>> wrote:
> 
>                         Hi,
> 
>                         The reason for the empty value comes from IMS
>                         and AKA, where you need to include the user id
>                         already in the initial REGISTER request (this
>                         seems to be missing from RFC 3310, but that’s a
>                         separate topic) in order for the server to
>                         create the challenge,  meaning that in the
>                         initial REGISTER request you include an
>                         Authorization header field with the username
>                         parameter carrying the IMS private user
>                         identity, the realm parameter and the uri
>                         parameter. At this point you obviously don’t yet
>                         have the response, so in IMS it is specified
>                         that the response parameter is inserted with an
>                         empty value.
> 
>                         WHY it was specified that way (instead of simply
>                         not including the response parameter) I don’t
>                         know, but I do know that it has been implemented
>                         and deployed that way for many years.
> 
>                         Regards,
> 
>                         Christer
> 
>                         *From: *sipcore <sipcore-bounces@ietf.org
>                         <mailto:sipcore-bounces@ietf.org>> on behalf of
>                         Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
>                         <mailto:rifaat.ietf@gmail.com>>
>                         *Date: *Thursday, 31 October 2019 at 15.20
>                         *To: *Alexey Melnikov <aamelnikov@fastmail.fm
>                         <mailto:aamelnikov@fastmail.fm>>
>                         *Cc: *"sipcore-chairs@ietf.org
>                         <mailto:sipcore-chairs@ietf.org>"
>                         <sipcore-chairs@ietf.org
>                         <mailto:sipcore-chairs@ietf.org>>,
>                         "draft-ietf-sipcore-digest-scheme@ietf.org
>                         <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>"
>                         <draft-ietf-sipcore-digest-scheme@ietf.org
>                         <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>,
>                         "iesg@ietf.org <mailto:iesg@ietf.org>"
>                         <iesg@ietf.org <mailto:iesg@ietf.org>>,
>                         "sipcore@ietf.org <mailto:sipcore@ietf.org>"
>                         <sipcore@ietf.org <mailto:sipcore@ietf.org>>
>                         *Subject: *Re: [sipcore] Alexey Melnikov's No
>                         Objection on
>                         draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
> 
>                         Done.
> 
>                         On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov
>                         <aamelnikov@fastmail.fm
>                         <mailto:aamelnikov@fastmail.fm>> wrote:
> 
>                             On Thu, Oct 31, 2019, at 1:11 PM, Rifaat
>                             Shekh-Yusef wrote:
> 
>                                 Hi Alexey,
> 
>                                 I am fine with Paul's suggestion.
> 
>                                 Are you ok with "32*LHEX"?
> 
>                             Yes!
> 
>                             Thank you,
> 
>                             Alexey
> 
>                                 Regards,
> 
>                                   Rfaat
> 
>                                 On Thu, Oct 31, 2019 at 7:22 AM Alexey
>                                 Melnikov <aamelnikov@fastmail.fm
>                                 <mailto:aamelnikov@fastmail.fm>> wrote:
> 
>                                     Hi Rifaat,
> 
>                                     On Wed, Oct 30, 2019, at 9:50 PM,
>                                     Rifaat Shekh-Yusef wrote:
> 
>                                         Thanks Alexey!
> 
>                                         I am fine with the first two
>                                         comments, and will fix these in
>                                         the coming version of the document.
> 
>                                         I am not sure I follow the 3rd
>                                         one. Why do you see the need for
>                                         a minimum number of hex digits?
> 
>                                     You do say that the number of hex
>                                     digits match the hash lenght, so it
>                                     is probably Ok. However empty value
>                                     is never valid (and I am worried it
>                                     might hit some boundary condition
>                                     bug in implementations), so
>                                     prohibiting it in ABNF would be the
>                                     best.
> 
>                                     Best Regards,
> 
>                                     Alexey
> 
>                                         Regards,
> 
>                                           Rifaat
> 
>                                         On Wed, Oct 30, 2019 at 1:16 PM
>                                         Alexey Melnikov via Datatracker
>                                         <noreply@ietf.org
>                                         <mailto:noreply@ietf.org>> wrote:
> 
>                                             Alexey Melnikov has entered
>                                             the following ballot
>                                             position for
> 
>                                             draft-ietf-sipcore-digest-scheme-12:
>                                             No Objection
> 
>                                             When responding, please keep
>                                             the subject line intact and
>                                             reply to all
> 
>                                             email addresses included in
>                                             the To and CC lines. (Feel
>                                             free to cut this
> 
>                                             introductory paragraph,
>                                             however.)
> 
>                                             Please refer to
>                                             https://www.ietf.org/iesg/statement/discuss-criteria.html
> 
>                                             for more information about
>                                             IESG DISCUSS and COMMENT
>                                             positions.
> 
>                                             The document, along with
>                                             other ballot positions, can
>                                             be found here:
> 
>                                             https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/
> 
>                                             ----------------------------------------------------------------------
> 
>                                             COMMENT:
> 
>                                             ----------------------------------------------------------------------
> 
>                                             I am agreeing with Alissa's
>                                             DISCUSS.
> 
>                                             Also, I have a few comments
>                                             of my own:
> 
>                                             1) Last para of Section 2.1:
> 
>                                             2.1.  Hash Algorithms
> 
>                                                 A UAS prioritizes which
>                                             algorithm to use based on
>                                             the ordering of the
> 
>                                                 challenge header fields
>                                             in the response it is preparing.
> 
>                                             This looks either wrong or
>                                             confusing to me. I think you
>                                             are just saying here
> 
>                                             that the order is decided by
>                                             the server at this point.
> 
>                                                 That
> 
>                                                 process is specified in
>                                             section 2.3 and parallels
>                                             the process used in
> 
>                                                 HTTP specified by [RFC7616].
> 
>                                             So based on the above, my
>                                             suggested replacement for
>                                             both sentences:
> 
>                                                 A UAS prioritizes which
>                                             algorithm to use based on
>                                             its policy,
> 
>                                                 which is specified in
>                                             section 2.3 and parallels
>                                             the process used in
> 
>                                                 HTTP specified by [RFC7616].
> 
>                                             2) Last para of Section 2.4:
> 
>                                                 If the UAC cannot
>                                             respond to any of the
>                                             challenges in the response,
> 
>                                                 then it SHOULD abandon
>                                             attempts to send the request
>                                             unless a local
> 
>                                                 policy dictates otherwise.
> 
>                                             Is trying other non Digest
>                                             algorithms covered by
>                                             "SHOULD abandon"?
> 
>                                             If yes, maybe you should
>                                             make this clearer.
> 
>                                                 For example, if the UAC
>                                             does not have
> 
>                                                 credentials or has stale
>                                             credentials for any of the
>                                             realms, the UAC
> 
>                                                 will abandon the request.
> 
>                                             3) In Section 2.7:
> 
>                                                    request-digest =
>                                             LDQUOT *LHEX RDQUOT
> 
>                                             This now allows empty value.
>                                             I suggest you specify a
>                                             minimum number of hex
> 
>                                             digits allowed in the ABNF.
>                                             Or at least change "*LHEX"
>                                             to "2*LHEX".
> 
> 
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

v2.23.0 | Report a Bug | By Email