Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)

Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 30 October 2019 23:55 UTC

To: sipcore@ietf.org
References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <CAGL6epJgyr_VUYgKCgxDcP5ObKWErtDCHxaX7JusUYPXu=a6jQ@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <448e3852-10d8-8717-7b76-e1ea30f02e3e@alum.mit.edu>
Date: Wed, 30 Oct 2019 19:55:21 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/z3tsC1iyw3i3E_W0SaK7i7l-9qk>
List-Id: SIP Core Working Group <sipcore.ietf.org>

On 10/30/19 5:50 PM, Rifaat Shekh-Yusef wrote:
> Thanks Alexey!
> 
> I am fine with the first two comments, and will fix these in the coming 
> version of the document.
> 
> I am not sure I follow the 3rd one. Why do you see the need for a 
> minimum number of hex digits?

The number of digits is determined by the algorithm. Since MD5 has 32 
hex digits, and is deemed unacceptable now, I think we can safely 
restrict this to a minimum of 32 digits.

	Thanks,
	Paul

> Regards,
>   Rifaat
> 
> 
> 
> On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker 
> <noreply@ietf.org> wrote:
> 
>     Alexey Melnikov has entered the following ballot position for
>     draft-ietf-sipcore-digest-scheme-12: No Objection
> 
>     When responding, please keep the subject line intact and reply to all
>     email addresses included in the To and CC lines. (Feel free to cut this
>     introductory paragraph, however.)
> 
> 
>     Please refer to
>     https://www.ietf.org/iesg/statement/discuss-criteria.html
>     for more information about IESG DISCUSS and COMMENT positions.
> 
> 
>     The document, along with other ballot positions, can be found here:
>     https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/
> 
> 
> 
>     ----------------------------------------------------------------------
>     COMMENT:
>     ----------------------------------------------------------------------
> 
>     I am agreeing with Alissa's DISCUSS.
> 
>     Also, I have a few comments of my own:
> 
>     1) Last para of Section 2.1:
> 
>     2.1.  Hash Algorithms
> 
>         A UAS prioritizes which algorithm to use based on the ordering of the
>         challenge header fields in the response it is preparing.
> 
>     This looks either wrong or confusing to me. I think you are just saying
>     here that the order is decided by the server at this point.
> 
>         That process is specified in section 2.3 and parallels the process
>         used in HTTP specified by [RFC7616].
> 
>     So based on the above, my suggested replacement for both sentences:
> 
>         A UAS prioritizes which algorithm to use based on its policy,
>         which is specified in section 2.3 and parallels the process used in
>         HTTP specified by [RFC7616].
> 
>     2) Last para of Section 2.4:
> 
>         If the UAC cannot respond to any of the challenges in the response,
>         then it SHOULD abandon attempts to send the request unless a local
>         policy dictates otherwise.
> 
>     Is trying other non Digest algorithms covered by "SHOULD abandon"?
>     If yes, maybe you should make this clearer.
> 
>         For example, if the UAC does not have
>         credentials or has stale credentials for any of the realms, the UAC
>         will abandon the request.
> 
>     3) In Section 2.7:
> 
>            request-digest = LDQUOT *LHEX RDQUOT
> 
>     This now allows an empty value. I suggest you specify a minimum number of
>     hex digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX".
> 
> 
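The point Paul makes above, that the number of hex digits in the request-digest is fixed by the algorithm rather than something the ABNF should leave open, is easy to turn into a concrete receiver-side check. The Python below is an added example written for this page; it is not code from the draft, from RFC 7616, or from any SIP implementation. It parses the parameters of a SIP `Authorization: Digest ...` value, computes an RFC 7616 style response (qop=auth, non-session algorithms only) so that a correctly sized sample can be built, and then classifies the `response` parameter: a value that satisfies `*LHEX` but is empty, a two-digit value that would satisfy `2*LHEX`, uppercase hex (not LHEX, which RFC 3261 defines as digits and lowercase a-f), and a digest whose length does not match the `algorithm` parameter. The digest lengths (MD5 32, SHA-256 64, SHA-512-256 64) are the output sizes of those functions in hex; the credentials, nonce and cnonce are constructed sample values, and the result labels are this example's own.

```python
"""Added example (not from the draft or any SIP stack): check the SIP Digest
`response` parameter against the digest length implied by `algorithm`."""
import hashlib
import re

# Hex digits produced by each algorithm. MD5 appears only as the lower bound
# the thread discusses; it is not an acceptable choice for new deployments.
DIGEST_HEX_LEN = {"MD5": 32, "SHA-256": 64, "SHA-512-256": 64}
# Algorithms this example can compute (assumption: SHA-512-256 is omitted
# because hashlib does not expose it portably).
HASHLIB_NAME = {"MD5": "md5", "SHA-256": "sha256"}

# The -12 ABNF quoted above: request-digest = LDQUOT *LHEX RDQUOT.
# LHEX is DIGIT / lowercase a-f, so this is the whole value set it admits.
LHEX_ONLY = re.compile(r"^[0-9a-f]*$")
# One Digest parameter: name=value, value either quoted-string or token.
PARAM = re.compile(r'([A-Za-z][A-Za-z0-9-]*)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_params(header):
    """Split an `Authorization: Digest ...` value into a name->value dict."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    params = {}
    for m in PARAM.finditer(rest):
        quoted, token = m.group(2), m.group(3)
        params[m.group(1).lower()] = quoted if quoted is not None else token
    return params


def compute_response(alg, user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 7616 response for qop=auth with a non-session algorithm."""
    def h(s):
        return hashlib.new(HASHLIB_NAME[alg], s.encode("utf-8")).hexdigest()
    ha1 = h(f"{user}:{realm}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def check_response_field(header):
    """Classify the response parameter: 'ok', 'missing', 'not-lhex', 'empty',
    'wrong-length' or 'unknown-algorithm' (labels are this example's own)."""
    p = parse_digest_params(header)
    resp = p.get("response")
    if resp is None:
        return "missing"
    if not LHEX_ONLY.match(resp):
        return "not-lhex"          # fails even the loose *LHEX form
    if resp == "":
        return "empty"             # *LHEX admits this; a verifier must not
    alg = p.get("algorithm", "MD5").upper()   # RFC 7616 default when absent
    if alg.endswith("-SESS"):                 # session variant, same length
        alg = alg[:-5]
    expected = DIGEST_HEX_LEN.get(alg)
    if expected is None:
        return "unknown-algorithm"
    if len(resp) != expected:
        return "wrong-length"
    return "ok"


# Constructed sample credentials and nonces (not from any real exchange).
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
CNONCE = "0a4f113b"
CREDS = dict(user="bob", realm="atlanta.example.com", password="zanzibar",
             method="INVITE", uri="sip:alice@atlanta.example.com",
             nonce=NONCE, nc="00000001", cnonce=CNONCE)


def good_response(algorithm="SHA-256"):
    """A correctly computed response for the sample credentials."""
    return compute_response(algorithm, **CREDS)


def build_header(response, algorithm="SHA-256"):
    """Assemble a Digest credential carrying the given response value."""
    return (f'Digest username="{CREDS["user"]}", realm="{CREDS["realm"]}", '
            f'nonce="{NONCE}", uri="{CREDS["uri"]}", qop=auth, nc={CREDS["nc"]}, '
            f'cnonce="{CNONCE}", algorithm={algorithm}, response="{response}"')


if __name__ == "__main__":
    cases = [
        ("empty (passes *LHEX)", build_header("")),
        ("two digits (passes 2*LHEX)", build_header("ab")),
        ("uppercase hex", build_header("A" * 64)),
        ("32 digits with SHA-256", build_header(good_response("MD5"))),
        ("computed SHA-256", build_header(good_response())),
        ("computed MD5", build_header(good_response("MD5"), "MD5")),
    ]
    for label, hdr in cases:
        print(f"{label:28s} -> {check_response_field(hdr)}")
```

The length table is the part a reviewer would actually want in a grammar or a verifier: `2*LHEX` keeps a blank value out, but a 32-digit value with `algorithm=SHA-256` is just as malformed, and only the algorithm tells you that.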