draft-ietf-sipcore-digest-scheme-11.txt   draft-ietf-sipcore-digest-scheme-12.txt 
SIP Core R. Shekh-Yusef SIP Core R. Shekh-Yusef
Internet-Draft Avaya Internet-Draft Avaya
Updates: 3261 (if approved) October 28, 2019 Updates: 3261 (if approved) October 29, 2019
Intended status: Standards Track Intended status: Standards Track
Expires: April 30, 2020 Expires: May 1, 2020
The Session Initiation Protocol (SIP) Digest Authentication Scheme The Session Initiation Protocol (SIP) Digest Authentication Scheme
draft-ietf-sipcore-digest-scheme-11 draft-ietf-sipcore-digest-scheme-12
Abstract Abstract
This document updates RFC 3261 by updating the Digest Access This document updates RFC 3261 by updating the Digest Access
Authentication scheme used by the Session Initiation Protocol (SIP) Authentication scheme used by the Session Initiation Protocol (SIP)
to add support for more secure digest algorithms, e.g., SHA-256 and to add support for more secure digest algorithms, e.g., SHA-256 and
SHA-512-256, to replace the broken MD5 algorithm. SHA-512-256, to replace the broken MD5 algorithm.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 30, 2020. This Internet-Draft will expire on May 1, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 7, line 39 skipping to change at page 7, line 39
digest sizes: digest sizes:
request-digest = LDQUOT *LHEX RDQUOT request-digest = LDQUOT *LHEX RDQUOT
The number of hex digits is implied by the length of the value of the The number of hex digits is implied by the length of the value of the
algorithm used. algorithm used.
It extends the algorithm parameter as follows to allow for any It extends the algorithm parameter as follows to allow for any
algorithm in the registry to be used: algorithm in the registry to be used:
algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" algorithm = "algorithm" EQUAL ( ("MD5" / "SHA-512-256" / "SHA-
/ token ) 256")[-sess]) / token )
Each one of these algorithms might have a "-sess" variant, e.g., Each one of these algorithms might have a "-sess" variant, e.g.,
MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] MD5-sess, SHA-256-sess, etc, as defined in [RFC7616]
3. Security Considerations 3. Security Considerations
This specification adds new secure algorithms to be used with the This specification adds new secure algorithms to be used with the
Digest mechanism to authenticate users. The broken MD5 algorithm Digest mechanism to authenticate users. The broken MD5 algorithm
remains only for backward compatibility with [RFC2617] but its use is remains only for backward compatibility with [RFC2617] but its use is
NOT RECOMMENDED. NOT RECOMMENDED.
skipping to change at page 8, line 31 skipping to change at page 8, line 31
that registry may be used in SIP digest authentication. that registry may be used in SIP digest authentication.
This document has no actions for IANA. This document has no actions for IANA.
5. Acknowledgments 5. Acknowledgments
The author would like to thank the following individuals for their The author would like to thank the following individuals for their
careful reviews, comments, and suggestions: Paul Kyzivat, Olle careful reviews, comments, and suggestions: Paul Kyzivat, Olle
Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga
Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, Adam Roach, Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, Adam Roach,
Barry Leiba, and Roni Even. Barry Leiba, Roni Even, Benjamin Kaduk, and Alissa Cooper.
6. References 6. References
6.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
 End of changes. 6 change blocks. 
7 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/