Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 04 November 2019 14:29 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D07B120147 for <sipcore@ietfa.amsl.com>; Mon, 4 Nov 2019 06:29:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TrvCJj6Xjebd for <sipcore@ietfa.amsl.com>; Mon, 4 Nov 2019 06:29:22 -0800 (PST)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-eopbgr740071.outbound.protection.outlook.com [40.107.74.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D20F41200F4 for <sipcore@ietf.org>; Mon, 4 Nov 2019 06:29:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VEMquWNRahQHPF/H+CpHHQVs/46wxHHHJrCbLjot3gNSHAFDAtagNJGfo0Ch4Bp/5btAzpFxNGH3Sqnj5gSKZXEdGbrrvw2u9EP9MDGeC5futuh4j8HxEk2naroisJFA7uSA6IkDykV5EG1U+B+BA8ntVTBDCOcp1eRLw59lYJn20Uro/sApEerx6L50XiAcBqw5ypl1Kt4IvY7E45Q1VbrHjKL5xmpfORlH/uLkt4NKKmzs+uMt0g2rzFwXIBW8vnnnkWG3Zt4KI/gPyMut70YonrlKUGhT0i+8zactezHzv9elbG4Xru3kvLW+mKPB++JA/utASWHN2HU3XQMP1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EPIcxnIHHgzufK+yldYruvnLMqlLj58U1jY2CDCb6rs=; b=lgqqOYviP36QxfjqYndB7wvHVTn0oogmX62u2kXB8fz9OEUX07rP+FxUzKELmicohGYmEpH6XxQb7DScRwNFI2T7TPIQLgm1rpFqzqrwOaBOQb0cQWrEjZGgV8y0BHzGTYWm+NJNJWZk7Wzk+7eg71CXLJuzmxgYONZSCPQdFd2yBUYHQufh8gB39/mOuiDbx6O3lSf0xzQcUMnTo88SCqMQ4jxblUvrT5XGauTVgRXq/YgvB3H5wuQQaz4tTkJZNphVr81j5JIFMrow5PuWmQaO8Nivtl3sgT5pfBr3jzKric+zUyM2rjj9ro9TkbFmICcapbyEcROiSd6iIzSe5Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EPIcxnIHHgzufK+yldYruvnLMqlLj58U1jY2CDCb6rs=; b=c6C2jZJDSyY4LT3TKPT++PJkZ3qPofu6lnfj9DLSfDvpLK2tLyQcq0BtMEqihgxGWHBpRTb1hScY8/lgQlryMJh/ptXYBJ/1Ifo5Dnc25CMNr+WvLXF+gSgFQ6gafGKzTH8ryO3vi7exXlIuMAbyggcBEqWpuTEPnbv7OmAFa8M=
Received: from CY4PR12CA0028.namprd12.prod.outlook.com (2603:10b6:903:129::14) by CY4PR12MB1688.namprd12.prod.outlook.com (2603:10b6:910:8::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Mon, 4 Nov 2019 14:29:14 +0000
Received: from SN1NAM02FT019.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e44::204) by CY4PR12CA0028.outlook.office365.com (2603:10b6:903:129::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.24 via Frontend Transport; Mon, 4 Nov 2019 14:29:13 +0000
Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by SN1NAM02FT019.mail.protection.outlook.com (10.152.72.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Mon, 4 Nov 2019 14:29:13 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id xA4ET9Mi008449 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for <sipcore@ietf.org>; Mon, 4 Nov 2019 09:29:10 -0500
To: sipcore@ietf.org
References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <CAGL6epLQS9xqHybZLTk1qM4i_LaDWVk8-iF0-0e_osf271R_Rg@mail.gmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <CAGL6epLrJYPaaYwFQjP8Lk3Uc3PUogtfPyxE5FsoTMJs3GvsgA@mail.gmail.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> <CAGL6epLp=x+Z3g+BZAYsmOob1pkchnvRObnJ7JfTSWES8xaEmA@mail.gmail.com> <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> <CAGL6epJToAGBnvxNO0kTu74AtTL7eSqvsRyemKRt4=RBgU8z8g@mail.gmail.com> <7D911FFD-814F-4DCF-A13E-C3E19A5D0EE5@ericsson.com> <064B1BB7-6D54-453B-B58B-527EC3B9D78D@fastmail.fm> <CAGL6ep+b77z=W8ig6b5yzPAYir4rdAk8YTRbW58xkw0QRHgnNA@mail.gmail.com> <HE1PR07MB31611E03B4AE9575E9C224D8937C0@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAGL6epLH0ioOP2ZK5nv-awwZbCciV8hyQcYKWXE6XM9xt-YWwg@mail.gmail.com> <84CA4DD0-3877-46A0-8772-43F35BB788A3@ericsson.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <cd6ddae6-df5e-cec7-091a-22d3de264b02@alum.mit.edu>
Date: Mon, 04 Nov 2019 09:29:09 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <84CA4DD0-3877-46A0-8772-43F35BB788A3@ericsson.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(376002)(346002)(136003)(396003)(39860400002)(189003)(199004)(18543002)(106002)(47776003)(229853002)(76130400001)(186003)(65806001)(2486003)(486006)(476003)(86362001)(966005)(478600001)(75432002)(6306002)(6246003)(8936002)(65956001)(30864003)(356004)(5660300002)(246002)(8676002)(2870700001)(88552002)(7596002)(50466002)(53546011)(26005)(126002)(316002)(2616005)(305945005)(14444005)(70586007)(26826003)(70206006)(2906002)(2351001)(31696002)(58126008)(31686004)(36906005)(786003)(446003)(11346002)(336012)(6916009)(956004)(76176011)(2361001)(23676004); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1688; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 6203934e-044e-4fe7-3f43-08d761335d8e
X-MS-TrafficTypeDiagnostic: CY4PR12MB1688:
X-MS-Exchange-PUrlCount: 3
X-Microsoft-Antispam-PRVS: <CY4PR12MB1688C5EA14CCA067C97FE92FF97F0@CY4PR12MB1688.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 0211965D06
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: mAl7TRFrW9pkY2iVCGc5CqEC3EJQVyteG/enWtixGmsb7gRmA9qhv0aIudfas2+fO9iK0vd1PjyAEoavZt8ITjSNuds1ZJtthLlboDC54Ll6uZdakDFU1kEakRDc+GlT9x5Y5WMX3lh9Sgj3t26WkEQHRQfgydk2+3MQkV5tyVvFRhYNIKualYCVTfRrCKbsdu/jHPAubNVl4qdKOVzz7KzZ0afTJyAZcfdZsGWFZ0y/h931n3q4FxE/FFD4EY19GhQbsy2ALcGYvifBnLNEqLvZCSTMT29WCIaJnx/xc+09BUljXv7O0vbmp0AbZYqBpOCrd3pFRxJnydjE/uhUAFYFj9baaO9r0DfUy/6Ke2leU6jjLywJ20M/cduVUMA//aINfZGVINqYbdlw4qS5iacNSWMelZSgi1iINR78QYlgxDlAs/MKN2Q2x4QbfoLRoz8QIGlw17XbUL2U+QJJBmtfK2yd9UI2Z2t4Nr4YPlo=
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Nov 2019 14:29:13.3371 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 6203934e-044e-4fe7-3f43-08d761335d8e
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1688
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/rB7vksWe19qaRimOgDR5YE7VATI>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 14:29:25 -0000
On 11/4/19 2:57 AM, Christer Holmberg wrote: > Hi, > >>I am not sure I am following, What do you mean by "challenge response not being provided"? > > The response to the challenge provided by the server. > > If you think it is unclear, maybe something like: > > “A parameter with an empty value (empty string) is allowed when the UAC > has not yet received a challenge." I'm confused. When is this behavior appropriate and what does it mean? Thanks, Paul > Regards, > > Christer > > On Sun, Nov 3, 2019 at 1:53 PM Christer Holmberg > <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> > wrote: > > Hi, > > I am fine with the suggestion, but instead of talking about an > algorithm not being provided I would like to talk about a *challenge > response* not being provided. > > Regards, > > Christer > > ------------------------------------------------------------------------ > > *From:*Rifaat Shekh-Yusef <rifaat.ietf@gmail.com > <mailto:rifaat.ietf@gmail.com>> > *Sent:* Sunday, November 3, 2019 12:01 PM > *To:* Alexey Melnikov <aamelnikov@fastmail.fm > <mailto:aamelnikov@fastmail.fm>> > *Cc:* Christer Holmberg <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>>; sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org> <sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>>; > draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org> > <draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>; The IESG > <iesg@ietf.org <mailto:iesg@ietf.org>>; SIPCORE <sipcore@ietf.org > <mailto:sipcore@ietf.org>> > *Subject:* Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > Alexey, Christer, > > How about the following: > > 1. Change the ABNF to "request-digest = LDQUOT *LHEX RDQUOT" > > 2. Change the text below it to say "The number of hex digits is > implied by the length of the value of the algorithm used, with the > minimum size of 32. A parameter with an empty value (empty string) > is allowed when the algorithm is not specified."" > > Regards, > > Rifaat > > On Fri, Nov 1, 2019 at 6:10 AM Alexey Melnikov > <aamelnikov@fastmail.fm <mailto:aamelnikov@fastmail.fm>> wrote: > > On 1 Nov 2019, at 07:09, Christer Holmberg > <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>> wrote: > > Hi, > > >I do not have a strong opinion here. > > > > > >Anybody has an opinion or thoughts about adding such a text? > > In addition we’d obviously also change the ABNF back, to > allow empty values. > > If the ABNF is changed back for this, I think some extra text > would be useful. > > Regards, > > Christer > > On Thu, Oct 31, 2019 at 1:50 PM Christer Holmberg > <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>> wrote: > > Something like this: > > “In some cases a UAC needs to include an Authorization > header field in a request before it has received a > challenge, in order to provide user information (using > the ‘userinfo’ header field parameter) that is needed in > order to create the challenge. An example of such case > is when the HTTP Digest Authentication Using AKA > mechanism (RFC3310) (RFC4169) is used. In such case the > Authorization header field would typically not contain a > ‘response’ header field parameter before a challenge > response is provided. However, for the IP Multimedia > Subsystem (IMS) it has been specified that the > Authorization header field in such case does contain a > ‘response’ header field parameter, with an empty value > (empty string). For that reason the modified > request-digest ABNF allows such empty values.” > > Regards, > > Christer > > *From: *Rifaat Shekh-Yusef <rifaat.ietf@gmail.com > <mailto:rifaat.ietf@gmail.com>> > *Date: *Thursday, 31 October 2019 at 19.22 > *To: *Christer Holmberg <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>> > *Cc: *Christer Holmberg > <christer.holmberg=40ericsson.com@dmarc.ietf.org > <mailto:40ericsson.com@dmarc.ietf.org>>, > "sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>" > <sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>>, > "draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>" > <draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>, > "iesg@ietf.org <mailto:iesg@ietf.org>" <iesg@ietf.org > <mailto:iesg@ietf.org>>, "sipcore@ietf.org > <mailto:sipcore@ietf.org>" <sipcore@ietf.org > <mailto:sipcore@ietf.org>>, Alexey Melnikov > <aamelnikov@fastmail.fm <mailto:aamelnikov@fastmail.fm>> > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection > on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > Can you propose some text? > > Thanks, > > Rifaat > > On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg > <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>> wrote: > > Hi, > > Perhaps we could add some text about the IMS > use-case, in order to explain the empty value? > > Regards, > > Christer > > *From: *sipcore <sipcore-bounces@ietf.org > <mailto:sipcore-bounces@ietf.org>> on behalf of > Christer Holmberg > <christer.holmberg=40ericsson.com@dmarc.ietf.org > <mailto:40ericsson.com@dmarc.ietf.org>> > *Date: *Thursday, 31 October 2019 at 15.52 > *To: *Rifaat Shekh-Yusef <rifaat.ietf@gmail.com > <mailto:rifaat.ietf@gmail.com>> > *Cc: *"sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>" > <sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>>, > "draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>" > <draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>, > "iesg@ietf.org <mailto:iesg@ietf.org>" > <iesg@ietf.org <mailto:iesg@ietf.org>>, > "sipcore@ietf.org <mailto:sipcore@ietf.org>" > <sipcore@ietf.org <mailto:sipcore@ietf.org>>, Alexey > Melnikov <aamelnikov@fastmail.fm > <mailto:aamelnikov@fastmail.fm>> > *Subject: *Re: [sipcore] Alexey Melnikov's No > Objection on draft-ietf-sipcore-digest-scheme-12: > (with COMMENT) > > Hi, > > >This IMS behavior would have been in violation of RFC3261 which specified exactly 32 Hex characters. > > >So, this change should not make much of a difference in this case. > > In reality it probably doesn’t make a difference, > but it would make the IMS procedures “aligned” with > the IETF spec. > > Regards, > > Christer > > On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg > <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>> wrote: > > Hi, > > The reason for the empty value comes from IMS > and AKA, where you need to include the user id > already in the initial REGISTER request (this > seems to be missing from RFC 3310, but that’s a > separate topic) in order for the server to > create the challenge, meaning that in the > initial REGISTER request you include an > Authorization header field with the username > parameter carrying the IMS private user > identity, the realm parameter and the uri > parameter. At this point you obviously don’t yet > have the response, so in IMS it is specified > that the response parameter is inserted with an > empty value. > > WHY it was specified that way (instead of simply > not including the response parameter) I don’t > know, but I do know that it has been implemented > and deployed that way for many years. > > Regards, > > Christer > > *From: *sipcore <sipcore-bounces@ietf.org > <mailto:sipcore-bounces@ietf.org>> on behalf of > Rifaat Shekh-Yusef <rifaat.ietf@gmail.com > <mailto:rifaat.ietf@gmail.com>> > *Date: *Thursday, 31 October 2019 at 15.20 > *To: *Alexey Melnikov <aamelnikov@fastmail.fm > <mailto:aamelnikov@fastmail.fm>> > *Cc: *"sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>" > <sipcore-chairs@ietf.org > <mailto:sipcore-chairs@ietf.org>>, > "draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>" > <draft-ietf-sipcore-digest-scheme@ietf.org > <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>, > "iesg@ietf.org <mailto:iesg@ietf.org>" > <iesg@ietf.org <mailto:iesg@ietf.org>>, > "sipcore@ietf.org <mailto:sipcore@ietf.org>" > <sipcore@ietf.org <mailto:sipcore@ietf.org>> > *Subject: *Re: [sipcore] Alexey Melnikov's No > Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > Done. > > On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov > <aamelnikov@fastmail.fm > <mailto:aamelnikov@fastmail.fm>> wrote: > > On Thu, Oct 31, 2019, at 1:11 PM, Rifaat > Shekh-Yusef wrote: > > Hi Alexey, > > I am fine with Paul's suggestion. > > Are you ok with "32*LHEX"? > > Yes! > > Thank you, > > Alexey > > Regards, > > Rfaat > > On Thu, Oct 31, 2019 at 7:22 AM Alexey > Melnikov <aamelnikov@fastmail.fm > <mailto:aamelnikov@fastmail.fm>> wrote: > > Hi Rifaat, > > On Wed, Oct 30, 2019, at 9:50 PM, > Rifaat Shekh-Yusef wrote: > > Thanks Alexey! > > I am fine with the first two > comments, and will fix these in > the coming version of the document. > > I am not sure I follow the 3rd > one. Why do you see the need for > a minimum number of hex digits? > > You do say that the number of hex > digits match the hash lenght, so it > is probably Ok. However empty value > is never valid (and I am worried it > might hit some boundary condition > bug in implementations), so > prohibiting it in ABNF would be the > best. > > Best Regards, > > Alexey > > Regards, > > Rifaat > > On Wed, Oct 30, 2019 at 1:16 PM > Alexey Melnikov via Datatracker > <noreply@ietf.org > <mailto:noreply@ietf.org>> wrote: > > Alexey Melnikov has entered > the following ballot > position for > > draft-ietf-sipcore-digest-scheme-12: > No Objection > > When responding, please keep > the subject line intact and > reply to all > > email addresses included in > the To and CC lines. (Feel > free to cut this > > introductory paragraph, > however.) > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about > IESG DISCUSS and COMMENT > positions. > > The document, along with > other ballot positions, can > be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > I am agreeing with Alissa's > DISCUSS. > > Also, I have a few comments > of my own: > > 1) Last para of Section 2.1: > > 2.1. Hash Algorithms > > A UAS prioritizes which > algorithm to use based on > the ordering of the > > challenge header fields > in the response it is preparing. > > This looks either wrong or > confusing to me. I think you > are just saying here > > that the order is decided by > the server at this point. > > That > > process is specified in > section 2.3 and parallels > the process used in > > HTTP specified by [RFC7616]. > > So based on the above, my > suggested replacement for > both sentences: > > A UAS prioritizes which > algorithm to use based on > its policy, > > which is specified in > section 2.3 and parallels > the process used in > > HTTP specified by [RFC7616]. > > 2) Last para of Section 2.4: > > If the UAC cannot > respond to any of the > challenges in the response, > > then it SHOULD abandon > attempts to send the request > unless a local > > policy dictates otherwise. > > Is trying other non Digest > algorithms covered by > "SHOULD abandon"? > > If yes, maybe you should > make this clearer. > > For example, if the UAC > does not have > > credentials or has stale > credentials for any of the > realms, the UAC > > will abandon the request. > > 3) In Section 2.7: > > request-digest = > LDQUOT *LHEX RDQUOT > > This now allows empty value. > I suggest you specify a > minimum number of hex > > digits allowed in the ABNF. > Or at least change "*LHEX" > to "2*LHEX". > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] Alexey Melnikov's No Objection on draft… Alexey Melnikov via Datatracker
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Paul Kyzivat
- Re: [sipcore] Alexey Melnikov's No Objection on d… Alexey Melnikov
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Alexey Melnikov
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Alexey Melnikov
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Paul Kyzivat
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg