draft-ietf-sipcore-digest-scheme-09.txt   draft-ietf-sipcore-digest-scheme-10.txt 
SIP Core R. Shekh-Yusef SIP Core R. Shekh-Yusef
Internet-Draft Avaya Internet-Draft Avaya
Updates: 3261 (if approved) September 16, 2019 Updates: 3261 (if approved) September 18, 2019
Intended status: Standards Track Intended status: Standards Track
Expires: March 19, 2020 Expires: March 21, 2020
The Session Initiation Protocol (SIP) Digest Authentication Scheme The Session Initiation Protocol (SIP) Digest Authentication Scheme
draft-ietf-sipcore-digest-scheme-09 draft-ietf-sipcore-digest-scheme-10
Abstract Abstract
This document updates RFC 3261 by updating the Digest Access This document updates RFC 3261 by updating the Digest Access
Authentication scheme used by the Session Initiation Protocol (SIP) Authentication scheme used by the Session Initiation Protocol (SIP)
to add support for more secure digest algorithms, e.g. SHA-256 and to add support for more secure digest algorithms, e.g. SHA-256 and
SHA-512-256, to replace the broken MD5 algorithm, which might be used SHA-512-256, to replace the broken MD5 algorithm, which might be used
for backward compatibility reasons only. for backward compatibility reasons only.
Status of This Memo Status of This Memo
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 19, 2020. This Internet-Draft will expire on March 21, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 36 skipping to change at page 2, line 36
2.3. UAS Behavior . . . . . . . . . . . . . . . . . . . . . . 4 2.3. UAS Behavior . . . . . . . . . . . . . . . . . . . . . . 4
2.4. UAC Behavior . . . . . . . . . . . . . . . . . . . . . . 5 2.4. UAC Behavior . . . . . . . . . . . . . . . . . . . . . . 5
2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.6. HTTP Digest Authentication Scheme Modifications . . . . . 5 2.6. HTTP Digest Authentication Scheme Modifications . . . . . 5
2.7. Augmented BNF for SIP . . . . . . . . . . . . . . . . . . 7 2.7. Augmented BNF for SIP . . . . . . . . . . . . . . . . . . 7
3. Security Considerations . . . . . . . . . . . . . . . . . . . 7 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
6.1. Normative References . . . . . . . . . . . . . . . . . . 8 6.1. Normative References . . . . . . . . . . . . . . . . . . 8
6.2. Informative References . . . . . . . . . . . . . . . . . 8 6.2. Informative References . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
The Session Initiation Protocol [RFC3261] uses the same mechanism The Session Initiation Protocol [RFC3261] uses the same mechanism
that the Hypertext Transfer Protocol (HTTP) uses for authenticating that the Hypertext Transfer Protocol (HTTP) uses for authenticating
users. This mechanism is called Digest Access Authentication, and it users. This mechanism is called Digest Access Authentication, and it
is a simple challenge-response mechanism that allows a server to is a simple challenge-response mechanism that allows a server to
challenge a client request and allows a client to provide challenge a client request and allows a client to provide
authentication information in response to that challenge. The authentication information in response to that challenge. The
skipping to change at page 3, line 21 skipping to change at page 3, line 21
Authentication" registry, so that algorithms can be added in the Authentication" registry, so that algorithms can be added in the
future. future.
This document updates the Digest Access Authentication scheme used by This document updates the Digest Access Authentication scheme used by
SIP to support the algorithms listed in the "Hash Algorithms for HTTP SIP to support the algorithms listed in the "Hash Algorithms for HTTP
Digest Authentication" registry defined by [RFC7616]. Digest Authentication" registry defined by [RFC7616].
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC8174]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. SIP Digest Authentication Scheme Updates 2. SIP Digest Authentication Scheme Updates
This section describes the modifications to the operation of the This section describes the modifications to the operation of the
Digest mechanism as specified in [RFC3261] in order to support the Digest mechanism as specified in [RFC3261] in order to support the
algorithms defined in the "Hash Algorithms for HTTP Digest algorithms defined in the "Hash Algorithms for HTTP Digest
Authentication" registry described in [RFC7616]. Authentication" registry described in [RFC7616].
It replaces the reference to [RFC2617] with a reference to [RFC7616] It replaces the reference to [RFC2617] with a reference to [RFC7616]
in [RFC3261], and describes the modifications to the usage of the in [RFC3261], and describes the modifications to the usage of the
skipping to change at page 8, line 29 skipping to change at page 8, line 29
The author would like to thank the following individuals for their The author would like to thank the following individuals for their
careful reviews, comments, and suggestions: Paul Kyzivat, Olle careful reviews, comments, and suggestions: Paul Kyzivat, Olle
Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga
Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, and Adam Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, and Adam
Roach. Roach.
6. References 6. References
6.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, H., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, H., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC7234] Fielding, R., Nottingham, M., and J. Reschke, "Hypertext [RFC7234] Fielding, R., Nottingham, M., and J. Reschke, "Hypertext
Transfer Protocol (HTTP/1.1): Caching", RFC 7234, June Transfer Protocol (HTTP/1.1): Caching", RFC 7234, June
2014. 2014.
[RFC7616] Shekh-Yusef, R., Ahrens, D., and S. Bremer, "HTTP Digest [RFC7616] Shekh-Yusef, R., Ahrens, D., and S. Bremer, "HTTP Digest
 End of changes. 7 change blocks. 
7 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/