< draft-ietf-sipcore-digest-scheme-07.txt   draft-ietf-sipcore-digest-scheme-08.txt >
SIP Core R. Shekh-Yusef SIP Core R. Shekh-Yusef
Internet-Draft Avaya Internet-Draft Avaya
Updates: 3261 (if approved) July 3, 2019 Updates: 3261 (if approved) July 3, 2019
Intended status: Standards Track Intended status: Standards Track
Expires: January 4, 2020 Expires: January 4, 2020
The Session Initiation Protocol (SIP) Digest Authentication Scheme The Session Initiation Protocol (SIP) Digest Authentication Scheme
draft-ietf-sipcore-digest-scheme-07 draft-ietf-sipcore-digest-scheme-08
Abstract Abstract
This document updates [RFC3261] by updating the Digest Access This document updates RFC 3261 by updating the Digest Access
Authentication scheme used by the Session Initiation Protocol (SIP) Authentication scheme used by the Session Initiation Protocol (SIP)
to add support for more secure digest algorithms, e.g. SHA-256 and to add support for more secure digest algorithms, e.g. SHA-256 and
SHA-512-256, to replace the broken MD5 algorithm, which might be used SHA-512-256, to replace the broken MD5 algorithm, which might be used
for backward compatibility reasons only. for backward compatibility reasons only.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
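Review bot: In the abstract, "to replace the broken MD5 algorithm, which might be used for backward compatibility reasons only" leaves it unclear whether MD5 is still permitted or is only expected to linger in deployments. Suggest wording along the lines of "MD5 is retained only for backward compatibility" so the status of MD5 is unambiguous. Dropping the brackets from "[RFC3261]" is consistent with keeping citation anchors out of an abstract. The date and Expires lines are identical in -07 and -08, so it is worth confirming that -08 carries its own submission date.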
skipping to change at page 2, line 30 skipping to change at page 2, line 30
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. SIP Digest Authentication Scheme Updates . . . . . . . . . . 3 2. SIP Digest Authentication Scheme Updates . . . . . . . . . . 3
2.1. Hash Algorithms . . . . . . . . . . . . . . . . . . . . . 3 2.1. Hash Algorithms . . . . . . . . . . . . . . . . . . . . . 3
2.2. Representation of Digest Values . . . . . . . . . . . . . 4 2.2. Representation of Digest Values . . . . . . . . . . . . . 4
2.3. UAS Behavior . . . . . . . . . . . . . . . . . . . . . . 4 2.3. UAS Behavior . . . . . . . . . . . . . . . . . . . . . . 4
2.4. UAC Behavior . . . . . . . . . . . . . . . . . . . . . . 5 2.4. UAC Behavior . . . . . . . . . . . . . . . . . . . . . . 5
2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.6. HTTP Digest Authentication Scheme Modifications . . . . . 5 2.6. HTTP Digest Authentication Scheme Modifications . . . . . 5
2.7. Augmented BNF for the SIP . . . . . . . . . . . . . . . . 7 2.7. Augmented BNF for SIP . . . . . . . . . . . . . . . . . . 7
3. Security Considerations . . . . . . . . . . . . . . . . . . . 7 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
6.1. Normative References . . . . . . . . . . . . . . . . . . 8 6.1. Normative References . . . . . . . . . . . . . . . . . . 8
6.2. Informative References . . . . . . . . . . . . . . . . . 8 6.2. Informative References . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
skipping to change at page 7, line 20 skipping to change at page 7, line 20
RFC3261-based clients and servers to receive. RFC3261-based clients and servers to receive.
A UAS MUST always send a "qop" parameter in WWW-Authenticate and A UAS MUST always send a "qop" parameter in WWW-Authenticate and
Proxy-Authenticate header field values, and a UAC MUST send the "qop" Proxy-Authenticate header field values, and a UAC MUST send the "qop"
parameter in any resulting authorization header field. parameter in any resulting authorization header field.
The usage of the Authentication-Info header field continues to be The usage of the Authentication-Info header field continues to be
allowed, since it provides integrity checks over the bodies and allowed, since it provides integrity checks over the bodies and
provides mutual authentication. provides mutual authentication.
2.7. Augmented BNF for the SIP 2.7. Augmented BNF for SIP
This document updates the Augmented BNF [RFC5234] for SIP as follows. This document updates the Augmented BNF [RFC5234] for SIP as follows.
It extends the request-digest as follows to allow for different It extends the request-digest as follows to allow for different
digest sizes: digest sizes:
request-digest = LDQUOT *LHEX RDQUOT request-digest = LDQUOT *LHEX RDQUOT
The number of hex digits is implied by the length of the value of the The number of hex digits is implied by the length of the value of the
algorithm used. algorithm used.
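Review bot: In Section 2.7, "request-digest = LDQUOT *LHEX RDQUOT" accepts any number of hex digits, including zero or an odd count, so the grammar alone no longer bounds the value the way the fixed-length rule in RFC 3261 (32LHEX) did. Suggest stating that a receiver checks the length against the output size of the algorithm in use (32 hex digits for MD5, 64 for SHA-256 and SHA-512-256) and rejects a mismatch before comparing digest values. The closing sentence would also read more clearly as "implied by the output length of the algorithm used" than as "the length of the value of the algorithm used".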
 End of changes. 4 change blocks. 
4 lines changed or deleted 4 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/