Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT)
Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 30 October 2019 23:55 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/z3tsC1iyw3i3E_W0SaK7i7l-9qk>
On 10/30/19 5:50 PM, Rifaat Shekh-Yusef wrote:
> Thanks Alexey!
>
> I am fine with the first two comments, and will fix these in the coming
> version of the document.
>
> I am not sure I follow the 3rd one.. Why do you see the need for a
> minimum number of hex digits?

The number of digits is determined by the algorithm. Since MD5 has 32 hex
digits, and is deemed unacceptable now, I think we can safely restrict
this to a minimum of 32 digits.

Thanks,
Paul

> Regards,
>  Rifaat
>
> On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker
> <noreply@ietf.org <mailto:noreply@ietf.org>> wrote:
>
>     Alexey Melnikov has entered the following ballot position for
>     draft-ietf-sipcore-digest-scheme-12: No Objection
>
>     When responding, please keep the subject line intact and reply to all
>     email addresses included in the To and CC lines. (Feel free to cut this
>     introductory paragraph, however.)
>
>     Please refer to
>     https://www.ietf.org/iesg/statement/discuss-criteria.html
>     for more information about IESG DISCUSS and COMMENT positions.
>
>     The document, along with other ballot positions, can be found here:
>     https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/
>
>     ----------------------------------------------------------------------
>     COMMENT:
>     ----------------------------------------------------------------------
>
>     I am agreeing with Alissa's DISCUSS.
>
>     Also, I have a few comments of my own:
>
>     1) Last para of Section 2.1:
>
>     2.1.  Hash Algorithms
>
>         A UAS prioritizes which algorithm to use based on the ordering
>         of the challenge header fields in the response it is preparing.
>
>     This looks either wrong or confusing to me. I think you are just
>     saying here that the order is decided by the server at this point.
>
>         That process is specified in section 2.3 and parallels the
>         process used in HTTP specified by [RFC7616].
>
>     So based on the above, my suggested replacement for both sentences:
>
>         A UAS prioritizes which algorithm to use based on its policy,
>         which is specified in section 2.3 and parallels the process used in
>         HTTP specified by [RFC7616].
>
>     2) Last para of Section 2.4:
>
>         If the UAC cannot respond to any of the challenges in the response,
>         then it SHOULD abandon attempts to send the request unless a local
>         policy dictates otherwise.
>
>     Is trying other non Digest algorithms covered by "SHOULD abandon"?
>     If yes, maybe you should make this clearer.
>
>         For example, if the UAC does not have
>         credentials or has stale credentials for any of the realms, the UAC
>         will abandon the request.
>
>     3) In Section 2.7:
>
>         request-digest = LDQUOT *LHEX RDQUOT
>
>     This now allows empty value. I suggest you specify a minimum number
>     of hex digits allowed in the ABNF. Or at least change "*LHEX" to
>     "2*LHEX".
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>
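
The three forms of the request-digest rule discussed in this thread ("*LHEX", "2*LHEX" and a 32-digit minimum), as an added Python example that is not part of the original messages or the draft: it shows which values each form accepts and adds the per-algorithm length check implied by "the number of digits is determined by the algorithm". The algorithm table (names as used in RFC 7616), the function names and the sample values are assumptions constructed for illustration.

```python
import re

# LHEX as defined in RFC 3261: DIGIT / %x61-66 (lowercase a-f only).
LHEX = "[0-9a-f]"

# The three candidate forms of the request-digest rule from the thread.
RULES = {
    "*LHEX": re.compile(rf'"{LHEX}*"'),          # current draft text
    "2*LHEX": re.compile(rf'"{LHEX}{{2,}}"'),    # Alexey's fallback suggestion
    "32*LHEX": re.compile(rf'"{LHEX}{{32,}}"'),  # Paul's MD5-sized minimum
}

# Hex-digit length of each algorithm's output (assumed algorithm set).
DIGEST_HEX_LEN = {"MD5": 32, "SHA-256": 64, "SHA-512-256": 64}

# Constructed sample values, not taken from the thread.
SAMPLES = {
    "empty": '""',
    "two_digits": '"ab"',
    "md5_sized": '"' + "0123456789abcdef" * 2 + '"',
    "sha256_sized": '"' + "0123456789abcdef" * 4 + '"',
    "uppercase": '"' + "0123456789ABCDEF" * 2 + '"',
}


def matches_rule(rule, value):
    """True if the quoted value matches the named form of the rule."""
    return RULES[rule].fullmatch(value) is not None


def acceptance_table():
    """Map each sample name to the rule forms that accept it."""
    return {name: [r for r in RULES if matches_rule(r, v)]
            for name, v in SAMPLES.items()}


def validate_response(algorithm, value):
    """Syntax check plus the exact length the named algorithm dictates."""
    base = algorithm.upper()
    if base.endswith("-SESS"):          # session variants share the length
        base = base[:-len("-SESS")]
    expected = DIGEST_HEX_LEN.get(base)
    if expected is None or not matches_rule("32*LHEX", value):
        return False
    return len(value) - 2 == expected   # subtract the two quote characters


if __name__ == "__main__":
    for name, rules in acceptance_table().items():
        print(f"{name:13s} accepted by: {rules}")
```

A grammar-level minimum only rejects values shorter than the shortest permitted digest; a verifier that knows the negotiated algorithm can reject any other length before comparing the digest itself.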