Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
Christer Holmberg <christer.holmberg@ericsson.com> Mon, 04 November 2019 14:43 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E75FE120099 for <sipcore@ietfa.amsl.com>; Mon, 4 Nov 2019 06:43:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tzp8SEB9skAq for <sipcore@ietfa.amsl.com>; Mon, 4 Nov 2019 06:43:39 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00053.outbound.protection.outlook.com [40.107.0.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31B44120119 for <sipcore@ietf.org>; Mon, 4 Nov 2019 06:43:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LtGJqot5GmB51p7XAY+OesEPY4nUQqqmPOUkr9E8mQ8Z84oLUh85gVe5mBbgHSkzaz+E0iq8x+/6uzYzK8xofWAeiAhGPMASJP1RPd8G0XfH8nU+X6uzWpM0j6EY4ncONS/FV0N21qABSMT+R4cg5uDZTEPDJwsiQOvdnp27QuY6uVHdbCyd5egeLj9AP0LtzQ8PG6iha5p7XcbQPiU2Pcb7sZ92798YVwSTD9iCNZIhmBD+LPQ9qEddgflzmCmiygy2suRailJOyb/UwZy31eTMbXbMelU4DFCRTAnBDqag5DAov+1YJ2f69lDatj7bYSLEQWP2CzchcSRfWfndbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Rz0ljNXdD/ZMFuFSv49L/3irX++IpgMdYUgXlG33amQ=; b=m/bYsBiPZ8hOlnnSFdWOcsZ2kqMm5BPg2mlGZO6qqAGbjdDlY/tMyLSW7QpgXtxnp1d66aZSbho81509tfVUSEQCMM7lofDf8QvjE65YgU8NwfPj+kVeuvjhpKNNYzsVad+l9W8/365bIlQS9w/wzhbKNFha4EhDN1l8vmY7s7n6PqRTJW2Z2H3iamGZIh8asNDIZU1cgj2JgsYean99xTroSypYWonmrqu7qAr0ohxUGoK7pjtqa7TzSq0N3+ii1SSDADf7/eb5ZRhKFyg7HGTEvkq6zFFVTEm1lItV+AH/lkaE40bT8VLyOAnyHUZeIrcEPXQ2LmTsH7OJcBd86g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Rz0ljNXdD/ZMFuFSv49L/3irX++IpgMdYUgXlG33amQ=; b=NZe4l1A1051DLXjeJD1wC4quz8l28+j8EBmx52ldVTg4EhLFDB1H0vhe9T8H1qMyIcn119XIrgFfiG62JKp0xHvJiIaRanUiqHGUG49/F7mnPrJIQx6+bjnKQGutBy5w8vg3Gujrpo944WtyIOyJanSs6OJ/Z5Y6j3UhKZKTsGA=
Received: from VI1PR07MB3167.eurprd07.prod.outlook.com (10.175.243.17) by VI1PR07MB3184.eurprd07.prod.outlook.com (10.175.243.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.16; Mon, 4 Nov 2019 14:43:36 +0000
Received: from VI1PR07MB3167.eurprd07.prod.outlook.com ([fe80::41a:f6a0:9660:bc09]) by VI1PR07MB3167.eurprd07.prod.outlook.com ([fe80::41a:f6a0:9660:bc09%3]) with mapi id 15.20.2430.014; Mon, 4 Nov 2019 14:43:36 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "sipcore@ietf.org" <sipcore@ietf.org>
Thread-Topic: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
Thread-Index: AQHVj+3+/XQWOAP0gUmCkUmQAngGd6d04liA///hPYCAACLmgIAAH3GA///5uYCAAClCgIAAHA2AgADDMwCAABEIgIADIi+AgACUUBuAABsAgIAA4h8AgABLx4CAACWRAA==
Date: Mon, 04 Nov 2019 14:43:36 +0000
Message-ID: <A2A6D8E7-E46E-4FE3-BB81-CB6049819FED@ericsson.com>
References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <CAGL6epLQS9xqHybZLTk1qM4i_LaDWVk8-iF0-0e_osf271R_Rg@mail.gmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <CAGL6epLrJYPaaYwFQjP8Lk3Uc3PUogtfPyxE5FsoTMJs3GvsgA@mail.gmail.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> <CAGL6epLp=x+Z3g+BZAYsmOob1pkchnvRObnJ7JfTSWES8xaEmA@mail.gmail.com> <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> <CAGL6epJToAGBnvxNO0kTu74AtTL7eSqvsRyemKRt4=RBgU8z8g@mail.gmail.com> <7D911FFD-814F-4DCF-A13E-C3E19A5D0EE5@ericsson.com> <064B1BB7-6D54-453B-B58B-527EC3B9D78D@fastmail.fm> <CAGL6ep+b77z=W8ig6b5yzPAYir4rdAk8YTRbW58xkw0QRHgnNA@mail.gmail.com> <HE1PR07MB31611E03B4AE9575E9C224D8937C0@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAGL6epLH0ioOP2ZK5nv-awwZbCciV8hyQcYKWXE6XM9xt-YWwg@mail.gmail.com> <84CA4DD0-3877-46A0-8772-43F35BB788A3@ericsson.com> <cd6ddae6-df5e-cec7-091a-22d3de264b02@alum.mit.edu>
In-Reply-To: <cd6ddae6-df5e-cec7-091a-22d3de264b02@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 839b3e8b-b8a4-4e76-ba77-08d761356000
x-ms-traffictypediagnostic: VI1PR07MB3184:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <VI1PR07MB31849B65E4F595F229951C32937F0@VI1PR07MB3184.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0211965D06
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(396003)(366004)(346002)(376002)(136003)(18543002)(189003)(199004)(6116002)(3846002)(91956017)(76116006)(66476007)(66556008)(66446008)(66946007)(256004)(2906002)(64756008)(99286004)(26005)(6506007)(53546011)(102836004)(305945005)(2616005)(2501003)(14444005)(316002)(76176011)(446003)(11346002)(110136005)(36756003)(71200400001)(71190400001)(58126008)(33656002)(86362001)(478600001)(14454004)(6306002)(6512007)(966005)(186003)(44832011)(229853002)(6486002)(7736002)(486006)(476003)(5660300002)(25786009)(2171002)(8676002)(8936002)(81156014)(81166006)(6436002)(66066001)(6246003)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB3184; H:VI1PR07MB3167.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: F2fwtNyZ1Uzi1ilHqS20pyCATNKD9MQmWn16nQQluaF7SUHofuYx5XrrC+7AHltT4RdeTjengUOG8gCdCGk5fEkvJAnYkLDAYeQ58lQSgyaHX4nO9dQ8/Kbjrrh1FAi8RIYawxSTkDHItIdLXVX2A8voJulMw1ktipnR/cs2VgM4eFE0a1cOvw/2lHQRHpiEvs51fAGFZD2QKJlIdD4fqkI/pssuN0XKiL2fumGfeT+uaL0DxDzryvLSk0PjnLWSng4zRIfADfRjAzY8Z36RxoAl5ejNBSKBE1C7yFvVhslg2m+X6qhTsUNlFitteg1CAo94nBH4ppmvQQeaEgB3FC+vEcenDGU/sl1+8wVhfr8v15/fdfFqQo8rlTb9qSrCzj94C34lB7u7u0KKOCD5mMLET7bqlRnNKFSB9L4mVLBybHuwJ+Ue2GvB68B+YZMU1hfGRdY7J4yasFlO9+cM+0vNKu5wP76O4IWB9Ib9slI=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <44B280343155DE47A09449CABD8E5694@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 839b3e8b-b8a4-4e76-ba77-08d761356000
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2019 14:43:36.6286 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: B3agfbb9qYZcXv/Apq1CX4CXyZ6fLs9pSov2SM4xWM9fe2Ec/KBwavAlQtZk+y7xjRNA7lw0UibTgc1kt9dfE3fMh38ZDAJrDWmfLOVHeWY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3184
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/wAr6HdUXJVknzaJXowvsEafS_4k>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 14:43:43 -0000
Hi,
>>>I am not sure I am following, What do you mean by "challenge response not being provided"?
>>
>> The response to the challenge provided by the server.
>>
>> If you think it is unclear, maybe something like:
>>
>> “A parameter with an empty value (empty string) is allowed when the UAC
>> has not yet received a challenge."
>
> I'm confused. When is this behavior appropriate and what does it mean?
As I explained earlier, there are cases (IMS AKA) where the Authorization header field is sent before a challenge has been received, and 3GPP specified that an empty response parameter is included in such cases.
Regards,
Christer
> Regards,
>
> Christer
>
> On Sun, Nov 3, 2019 at 1:53 PM Christer Holmberg
> <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>>
> wrote:
>
> Hi,
>
> I am fine with the suggestion, but instead of talking about an
> algorithm not being provided I would like to talk about a *challenge
> response* not being provided.
>
> Regards,
>
> Christer
>
> ------------------------------------------------------------------------
>
> *From:*Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
> <mailto:rifaat.ietf@gmail.com>>
> *Sent:* Sunday, November 3, 2019 12:01 PM
> *To:* Alexey Melnikov <aamelnikov@fastmail.fm
> <mailto:aamelnikov@fastmail.fm>>
> *Cc:* Christer Holmberg <christer.holmberg@ericsson.com
> <mailto:christer.holmberg@ericsson.com>>; sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org> <sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>>;
> draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>
> <draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>; The IESG
> <iesg@ietf.org <mailto:iesg@ietf.org>>; SIPCORE <sipcore@ietf.org
> <mailto:sipcore@ietf.org>>
> *Subject:* Re: [sipcore] Alexey Melnikov's No Objection on
> draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
>
> Alexey, Christer,
>
> How about the following:
>
> 1. Change the ABNF to "request-digest = LDQUOT *LHEX RDQUOT"
>
> 2. Change the text below it to say "The number of hex digits is
> implied by the length of the value of the algorithm used, with the
> minimum size of 32. A parameter with an empty value (empty string)
> is allowed when the algorithm is not specified.""
>
> Regards,
>
> Rifaat
>
> On Fri, Nov 1, 2019 at 6:10 AM Alexey Melnikov
> <aamelnikov@fastmail.fm <mailto:aamelnikov@fastmail.fm>> wrote:
>
> On 1 Nov 2019, at 07:09, Christer Holmberg
> <christer.holmberg@ericsson.com
> <mailto:christer.holmberg@ericsson.com>> wrote:
>
> Hi,
>
> >I do not have a strong opinion here.
>
> >
>
> >Anybody has an opinion or thoughts about adding such a text?
>
> In addition we’d obviously also change the ABNF back, to
> allow empty values.
>
> If the ABNF is changed back for this, I think some extra text
> would be useful.
>
> Regards,
>
> Christer
>
> On Thu, Oct 31, 2019 at 1:50 PM Christer Holmberg
> <christer.holmberg@ericsson.com
> <mailto:christer.holmberg@ericsson.com>> wrote:
>
> Something like this:
>
> “In some cases a UAC needs to include an Authorization
> header field in a request before it has received a
> challenge, in order to provide user information (using
> the ‘userinfo’ header field parameter) that is needed in
> order to create the challenge. An example of such case
> is when the HTTP Digest Authentication Using AKA
> mechanism (RFC3310) (RFC4169) is used. In such case the
> Authorization header field would typically not contain a
> ‘response’ header field parameter before a challenge
> response is provided. However, for the IP Multimedia
> Subsystem (IMS) it has been specified that the
> Authorization header field in such case does contain a
> ‘response’ header field parameter, with an empty value
> (empty string). For that reason the modified
> request-digest ABNF allows such empty values.”
>
> Regards,
>
> Christer
>
> *From: *Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
> <mailto:rifaat.ietf@gmail.com>>
> *Date: *Thursday, 31 October 2019 at 19.22
> *To: *Christer Holmberg <christer.holmberg@ericsson.com
> <mailto:christer.holmberg@ericsson.com>>
> *Cc: *Christer Holmberg
> <christer.holmberg=40ericsson.com@dmarc.ietf.org
> <mailto:40ericsson.com@dmarc.ietf.org>>,
> "sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>"
> <sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>>,
> "draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>"
> <draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>,
> "iesg@ietf.org <mailto:iesg@ietf.org>" <iesg@ietf.org
> <mailto:iesg@ietf.org>>, "sipcore@ietf.org
> <mailto:sipcore@ietf.org>" <sipcore@ietf.org
> <mailto:sipcore@ietf.org>>, Alexey Melnikov
> <aamelnikov@fastmail.fm <mailto:aamelnikov@fastmail.fm>>
> *Subject: *Re: [sipcore] Alexey Melnikov's No Objection
> on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
>
> Can you propose some text?
>
> Thanks,
>
> Rifaat
>
> On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg
> <christer.holmberg@ericsson.com
> <mailto:christer.holmberg@ericsson.com>> wrote:
>
> Hi,
>
> Perhaps we could add some text about the IMS
> use-case, in order to explain the empty value?
>
> Regards,
>
> Christer
>
> *From: *sipcore <sipcore-bounces@ietf.org
> <mailto:sipcore-bounces@ietf.org>> on behalf of
> Christer Holmberg
> <christer.holmberg=40ericsson.com@dmarc.ietf.org
> <mailto:40ericsson.com@dmarc.ietf.org>>
> *Date: *Thursday, 31 October 2019 at 15.52
> *To: *Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
> <mailto:rifaat.ietf@gmail.com>>
> *Cc: *"sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>"
> <sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>>,
> "draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>"
> <draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>,
> "iesg@ietf.org <mailto:iesg@ietf.org>"
> <iesg@ietf.org <mailto:iesg@ietf.org>>,
> "sipcore@ietf.org <mailto:sipcore@ietf.org>"
> <sipcore@ietf.org <mailto:sipcore@ietf.org>>, Alexey
> Melnikov <aamelnikov@fastmail.fm
> <mailto:aamelnikov@fastmail.fm>>
> *Subject: *Re: [sipcore] Alexey Melnikov's No
> Objection on draft-ietf-sipcore-digest-scheme-12:
> (with COMMENT)
>
> Hi,
>
> >This IMS behavior would have been in violation of RFC3261 which specified exactly 32 Hex characters.
>
> >So, this change should not make much of a difference in this case.
>
> In reality it probably doesn’t make a difference,
> but it would make the IMS procedures “aligned” with
> the IETF spec.
>
> Regards,
>
> Christer
>
> On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg
> <christer.holmberg@ericsson.com
> <mailto:christer.holmberg@ericsson.com>> wrote:
>
> Hi,
>
> The reason for the empty value comes from IMS
> and AKA, where you need to include the user id
> already in the initial REGISTER request (this
> seems to be missing from RFC 3310, but that’s a
> separate topic) in order for the server to
> create the challenge, meaning that in the
> initial REGISTER request you include an
> Authorization header field with the username
> parameter carrying the IMS private user
> identity, the realm parameter and the uri
> parameter. At this point you obviously don’t yet
> have the response, so in IMS it is specified
> that the response parameter is inserted with an
> empty value.
>
> WHY it was specified that way (instead of simply
> not including the response parameter) I don’t
> know, but I do know that it has been implemented
> and deployed that way for many years.
>
> Regards,
>
> Christer
>
> *From: *sipcore <sipcore-bounces@ietf.org
> <mailto:sipcore-bounces@ietf.org>> on behalf of
> Rifaat Shekh-Yusef <rifaat.ietf@gmail.com
> <mailto:rifaat.ietf@gmail.com>>
> *Date: *Thursday, 31 October 2019 at 15.20
> *To: *Alexey Melnikov <aamelnikov@fastmail.fm
> <mailto:aamelnikov@fastmail.fm>>
> *Cc: *"sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>"
> <sipcore-chairs@ietf.org
> <mailto:sipcore-chairs@ietf.org>>,
> "draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>"
> <draft-ietf-sipcore-digest-scheme@ietf.org
> <mailto:draft-ietf-sipcore-digest-scheme@ietf.org>>,
> "iesg@ietf.org <mailto:iesg@ietf.org>"
> <iesg@ietf.org <mailto:iesg@ietf.org>>,
> "sipcore@ietf.org <mailto:sipcore@ietf.org>"
> <sipcore@ietf.org <mailto:sipcore@ietf.org>>
> *Subject: *Re: [sipcore] Alexey Melnikov's No
> Objection on
> draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
>
> Done.
>
> On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov
> <aamelnikov@fastmail.fm
> <mailto:aamelnikov@fastmail.fm>> wrote:
>
> On Thu, Oct 31, 2019, at 1:11 PM, Rifaat
> Shekh-Yusef wrote:
>
> Hi Alexey,
>
> I am fine with Paul's suggestion.
>
> Are you ok with "32*LHEX"?
>
> Yes!
>
> Thank you,
>
> Alexey
>
> Regards,
>
> Rfaat
>
> On Thu, Oct 31, 2019 at 7:22 AM Alexey
> Melnikov <aamelnikov@fastmail.fm
> <mailto:aamelnikov@fastmail.fm>> wrote:
>
> Hi Rifaat,
>
> On Wed, Oct 30, 2019, at 9:50 PM,
> Rifaat Shekh-Yusef wrote:
>
> Thanks Alexey!
>
> I am fine with the first two
> comments, and will fix these in
> the coming version of the document.
>
> I am not sure I follow the 3rd
> one. Why do you see the need for
> a minimum number of hex digits?
>
> You do say that the number of hex
> digits match the hash lenght, so it
> is probably Ok. However empty value
> is never valid (and I am worried it
> might hit some boundary condition
> bug in implementations), so
> prohibiting it in ABNF would be the
> best.
>
> Best Regards,
>
> Alexey
>
> Regards,
>
> Rifaat
>
> On Wed, Oct 30, 2019 at 1:16 PM
> Alexey Melnikov via Datatracker
> <noreply@ietf.org
> <mailto:noreply@ietf.org>> wrote:
>
> Alexey Melnikov has entered
> the following ballot
> position for
>
> draft-ietf-sipcore-digest-scheme-12:
> No Objection
>
> When responding, please keep
> the subject line intact and
> reply to all
>
> email addresses included in
> the To and CC lines. (Feel
> free to cut this
>
> introductory paragraph,
> however.)
>
> Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
>
> for more information about
> IESG DISCUSS and COMMENT
> positions.
>
> The document, along with
> other ballot positions, can
> be found here:
>
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/
>
> ----------------------------------------------------------------------
>
> COMMENT:
>
> ----------------------------------------------------------------------
>
> I am agreeing with Alissa's
> DISCUSS.
>
> Also, I have a few comments
> of my own:
>
> 1) Last para of Section 2.1:
>
> 2.1. Hash Algorithms
>
> A UAS prioritizes which
> algorithm to use based on
> the ordering of the
>
> challenge header fields
> in the response it is preparing.
>
> This looks either wrong or
> confusing to me. I think you
> are just saying here
>
> that the order is decided by
> the server at this point.
>
> That
>
> process is specified in
> section 2.3 and parallels
> the process used in
>
> HTTP specified by [RFC7616].
>
> So based on the above, my
> suggested replacement for
> both sentences:
>
> A UAS prioritizes which
> algorithm to use based on
> its policy,
>
> which is specified in
> section 2.3 and parallels
> the process used in
>
> HTTP specified by [RFC7616].
>
> 2) Last para of Section 2.4:
>
> If the UAC cannot
> respond to any of the
> challenges in the response,
>
> then it SHOULD abandon
> attempts to send the request
> unless a local
>
> policy dictates otherwise.
>
> Is trying other non Digest
> algorithms covered by
> "SHOULD abandon"?
>
> If yes, maybe you should
> make this clearer.
>
> For example, if the UAC
> does not have
>
> credentials or has stale
> credentials for any of the
> realms, the UAC
>
> will abandon the request.
>
> 3) In Section 2.7:
>
> request-digest =
> LDQUOT *LHEX RDQUOT
>
> This now allows empty value.
> I suggest you specify a
> minimum number of hex
>
> digits allowed in the ABNF.
> Or at least change "*LHEX"
> to "2*LHEX".
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>
_______________________________________________
sipcore mailing list
sipcore@ietf.org
https://www.ietf.org/mailman/listinfo/sipcore
- [sipcore] Alexey Melnikov's No Objection on draft… Alexey Melnikov via Datatracker
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Paul Kyzivat
- Re: [sipcore] Alexey Melnikov's No Objection on d… Alexey Melnikov
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Alexey Melnikov
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Alexey Melnikov
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg
- Re: [sipcore] Alexey Melnikov's No Objection on d… Rifaat Shekh-Yusef
- Re: [sipcore] Alexey Melnikov's No Objection on d… Paul Kyzivat
- Re: [sipcore] Alexey Melnikov's No Objection on d… Christer Holmberg