IETF Logo Mail Archive

Re: [sipcore] draft-ietf-sipcore-digest-scheme comments

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Sat, 25 May 2019 11:27 UTC

Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2485F120099 for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 04:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ifokVZjHtgHK for <sipcore@ietfa.amsl.com>; Sat, 25 May 2019 04:27:35 -0700 (PDT)
Received: from mail-it1-x12e.google.com (mail-it1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69F0012001A for <sipcore@ietf.org>; Sat, 25 May 2019 04:27:35 -0700 (PDT)
Received: by mail-it1-x12e.google.com with SMTP id j17so13131738itk.0 for <sipcore@ietf.org>; Sat, 25 May 2019 04:27:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pePvwOfGaSAB/zif/jT0ckM+ZsXi1rwyqYeI2QrwbZY=; b=AgrjsBezN6Vj6SiSYb67XxDcGSVDvrXRWwiVcjD9xa5cvynzQXixyQiTuP9tYdcd0/ HBjMfmi66v3/LIzzB9vgROxatI5SBWbQBBMGzzuMVpw14ie0KoW4ta7fU6Vzc4oSldZ/ FatMHU9l56QJaiEdxZW04nwgPiL0xRgMMh2myWL0juD/R9fUnxJfnoDjulethfOgYTQS N7BOAecteW8b4AIQ2aZpRU4BFQziiQSgfHH9uKtIn8R/K4CEx2dywEiTWzo35oe0b4rE r1p+6HGTBtajITycY+jYPE/WNA6IlgUHQAHfwyqHG5DJEPUlLvKun3/s43f9tjn2ULZB akvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pePvwOfGaSAB/zif/jT0ckM+ZsXi1rwyqYeI2QrwbZY=; b=MJQVZwdPuYfo/B5Ae7k8W2AAokCFGHjkfn3a0bE7RgZCOpJw2PgpBEosrY44kIsksa 3eIZv3hyQaa/w8JGSDCsz+wdGQS0cwYxrMp7Aht7AgV7uOo9tho7aZvxjmXpqJ4qn5Xz YBXf1V3v5z2QwkmwYEzZXd53H23TRw8h+Sp4W936NE8ZyugyOt+Y4Kgw5oaz5eC49zb5 HdkpghMSKoDApHIbU3a2eamxaWsiAxoWmWd8f5a0Jrl4ACcc9+4gH78yUYJ5C/u2hk9s PyIjLkQJVrohN1sMH7TH9yZQ+Hx8MpXEreQBEbVG6qRp+0ANU4eYPVkIg7suNrweUBSs 2Zcw==
X-Gm-Message-State: APjAAAV4LCe0SEQd04NrCVxhzfrvNDB1T7fveEoIIXY1/whTkd2Bre3K FLw0GpoSE4o79ME9cn23QiFNqz4EIDgLcMZFGDoAcz5yYwM=
X-Google-Smtp-Source: APXvYqwtPK15T76FXGQGvDjtU/fQQIBPfuyx0srbazi6flWVngP/i+VlkA9J9HPDeTod6OL0umMxORiDWfXtDrJL2P4=
X-Received: by 2002:a02:660c:: with SMTP id k12mr5349152jac.25.1558783654658; Sat, 25 May 2019 04:27:34 -0700 (PDT)
MIME-Version: 1.0
References: <DE595AFF-5DEA-4A32-8527-10B841D6C7C1@edvina.net> <CAGL6epLMHoneH6PNgeF5TgJhveh-xWeZSW6XQDBB2Gf5mS9eRQ@mail.gmail.com> <C1431DCD-C4DD-4BFA-9C5D-E4DFE7B0F2DA@edvina.net>
In-Reply-To: <C1431DCD-C4DD-4BFA-9C5D-E4DFE7B0F2DA@edvina.net>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sat, 25 May 2019 07:27:23 -0400
Message-ID: <CAGL6epKzTmukk1U4jJUgfM45woXepaBB6bWNUoiER_Hwknzq+w@mail.gmail.com>
To: "Olle E. Johansson" <oej@edvina.net>
Cc: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000485b70589b49acc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/rPQ_azcAmXPnIE1ryfTAmxYMJz8>
Subject: Re: [sipcore] draft-ietf-sipcore-digest-scheme comments
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 May 2019 11:27:39 -0000

Inline...

On Mon, May 20, 2019 at 1:40 AM Olle E. Johansson <oej@edvina.net> wrote:

>
>
> On 18 May 2019, at 20:37, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
> wrote:
>
> Thanks Olle!
>
> See my replies below.
>
> Regards,
>  Rifaat
>
>
>
>
> On Fri, May 17, 2019 at 9:38 AM Olle E. Johansson <oej@edvina.net> wrote:
>
>> Hi!
>> Sorry to be late in this discussion.
>>
>> " This document updates the Digest Access Authentication scheme used by
>>    the Session Initiation Protocol (SIP) to add support for secure
>>    digest algorithms to replace the broken MD5 algorithm.”
>>
>> I would suggest changing “for secure” to “for more secure” to be a bit
>> humble.
>> In XXX years, the schemes suggested here will be less secure than now.
>> The good thing is that we don’t have to update this document every time
>> IANA adds a new algorithm to the registry. :-)
>>
>
> Ok
>
>
>
>>
>> section 2: "SHA- 256” - remove the extra space. Also, there’s an extra
>> quotation mark at the end of the section.
>>
>> Ok
>
>
>
>> Section 2.1:
>>
>> "Note that [RFC7616
>> ] defines a -sess variant for each algorithm; the
>>    -sess variants are not used with SIP.”
>>
>> Is this already forbidden in 3261 or is this new proposed language? If
>> so, “are not” should propably
>> be something like “MUST not”
>>
>> I do not think that 3261 forbids the -sess variant, and I do not see the
> need to forbid it here either
>
> So then I suggest we remove the statement that the -sess variants are not
> used with SIP.
>
>
>
>
>> Section 2.2:
>>
>> Is this an update to 7616 or just an explanation of 7616?
>>
>
> No update, just an explanation.
>
>
>>
>> Section 2.4:
>>
>> "When the UAC receives a response with multiple header fields with the
>>    same realm it SHOULD use the topmost header field that it supports,
>>    unless a local policy dictates otherwise.”
>>
>> Why a SHOULD? I would prefer a MUST.
>>
>
> I can do that, but the last part of this paragraph states that local
> policy can override this recommendations anyway.
> So, does it make any difference?
>
> Should we allow that? Why would local policy enforce a downgrade?
>

This is meant to provide the client with the ability to decide on the
priority of the algorithm to use when the client supports more than one
strong algorithm.


>
>>
>> “When the UAC receives a 401 response with multiple WWW-Authenticate
>>    header fields with different realms it SHOULD retry and include an
>>    Authorization header field containing credentials that match the
>>    topmost header field of any one of the realms.”
>>
>> If you are disallowing multiple Authorization headers for the same realm,
>> but with different algorithms I think this should be clearly written. In
>> my
>> view, that would be a good thing.
>>
>
> This is allowed.
>
>
>>
>>  "8.  Servers MUST be able to properly handle "qop" parameter received
>>    in an authorization header field, and clients MUST be able to
>>    properly handle "qop" parameter received in WWW-Authenticate and
>>    Proxy-Authenticate header fields.  Servers MUST always send a "qop"
>>    parameter in WWW-Authenticate and Proxy-Authenticate header field
>>    values, and clients MUST send the "qop" parameter in any resulting
>>    authorization header field.”
>>
>> This is not clear. If the servers MUST always send “qop” then we
>> add that to SIP 2.0 with no backwards options or compatibility.
>> Since you write “clients MUST be able to”… it seems like you
>> assume that clients have a choise of whether they use it. I think
>> one has to be a bit more clear so developers understands how
>> to modify their implementations.
>>
>> In addition:
>> Are we ready to require that all SIP 2.0 compliant software support QOP?
>>
>>
> Here is a quote form RFC3261:
>
> "Use of the "qop" parameter is optional in RFC 2617 for the purposes
> of backwards compatibility with RFC 2069; since RFC 2543 was
> based on RFC 2069, the "qop" parameter must unfortunately
> remain optional for clients and servers to receive."
>
>
> That is no longer the case with RFC7616.
>
> Since this is a change from RFC 3261 we propably want clarify that for
> developers.
> I think that if we want to modify RFC7616 for SIP, we can. The question
> still
> stands - are we ready to change the way current auth works today in
> SIP/2.0. There’s
> a lot of implementations out there that will suddenly not be
> standard-following.
>
> I’m not saying it’s a bad thing, just that we have to understand the
> implication.
>
>
> Here is the following part of the quote:

          remain optional for clients and servers to receive.  *However,
          servers MUST always send a "qop" parameter in WWW-Authenticate
          and Proxy-Authenticate header field values.  If a client
          receives a "qop" parameter in a challenge header field, it
          MUST send the "qop" parameter in any resulting authorization
          header field.*


RFC3261 already requires the servers to include "qop" in the challenge and
requires the client to include the "qop" in the response.
The change is that the client must now send "qop" in the Authorize header
in the initial request, not only in response to a challenge.
Are you saying that clients do not do that today?




>
>
>
>> I would like to run an online-SIPit when we have software that supports
>> this
>> so we can test the behaviour, especially looking into downgrade attacks.
>>
>> Take a look at the security considerations section for more information
> about downgrade attacks recommendations.
>
>
>
>> And as Dave said, I don’t see any priority in the IANA registry. RFC 7616
>> mentions
>> “strongest” algorithm. "A user agent MUST choose to use the strongest
>> auth-scheme it
>>    understands and request credentials from the user based upon that
>>    challenge.” and then adds "When the server offers choices of
>> authentication schemes using the
>>    WWW-Authenticate header field, the strength of the resulting
>>    authentication is only as good as that of the of the weakest of the
>>    authentication schemes.”
>>
>> I don’t find any definition of “strong algorithm” in RFC 7616.
>>
>> See section 3.7
> https://tools.ietf.org/html/rfc7616#section-3.7
>
> I will make it clearer.
>
> But that is not part of the registry, so what happens if I somewhere in
> the future add Edvina-9042 to
> the registry? What’s the order then? This section just says what’s
> mandatory to implement but doesn’t
> say anything about priority or which one that is the “strongest” one.
>
> I like the idea of a prioritized list for developers with some “strength”
> weight but fail to find one
> in these documents.  There has to be some advice in some RFC somewhere.
> …at this point I can’t find anything out there.
>
>
I do not think that we need to explicitly prioritize the algorithms,
because every time you add new algorithm the priority will change.
It is up to the server to device on the priority based on the placement of
the algorithm in the response.

Regards,
 Rifaat



> Cheers,
> /O
>
>
>
>
>> Note that this document also suggests that UACs remember the “strongest”
>> algorithm used by a specific server/service and refuse a downgrade attack
>> - without discussing any implementation issues.
>>
>>
>> Good work. A small step forward!
>>
>> Cheers,
>> /O
>>
>>
>> _______________________________________________
>> sipcore mailing list
>> sipcore@ietf.org
>> https://www.ietf.org/mailman/listinfo/sipcore
>>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>
>
>

v2.23.0 | Report a Bug | By Email