draft-ietf-sipcore-digest-scheme-12.txt   draft-ietf-sipcore-digest-scheme-13.txt 
SIP Core R. Shekh-Yusef SIP Core R. Shekh-Yusef
Internet-Draft Avaya Internet-Draft Avaya
Updates: 3261 (if approved) October 29, 2019 Updates: 3261 (if approved) October 29, 2019
Intended status: Standards Track Intended status: Standards Track
Expires: May 1, 2020 Expires: May 1, 2020
The Session Initiation Protocol (SIP) Digest Authentication Scheme The Session Initiation Protocol (SIP) Digest Authentication Scheme
draft-ietf-sipcore-digest-scheme-12 draft-ietf-sipcore-digest-scheme-13
Abstract Abstract
This document updates RFC 3261 by updating the Digest Access This document updates RFC 3261 by updating the Digest Access
Authentication scheme used by the Session Initiation Protocol (SIP) Authentication scheme used by the Session Initiation Protocol (SIP)
to add support for more secure digest algorithms, e.g., SHA-256 and to add support for more secure digest algorithms, e.g., SHA-256 and
SHA-512-256, to replace the broken MD5 algorithm. SHA-512-256, to replace the broken MD5 algorithm.
Status of This Memo Status of This Memo
skipping to change at page 2, line 25 skipping to change at page 2, line 25
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. SIP Digest Authentication Scheme Updates . . . . . . . . . . 3 2. SIP Digest Authentication Scheme Updates . . . . . . . . . . 3
2.1. Hash Algorithms . . . . . . . . . . . . . . . . . . . . . 3 2.1. Hash Algorithms . . . . . . . . . . . . . . . . . . . . . 3
2.2. Representation of Digest Values . . . . . . . . . . . . . 4 2.2. Representation of Digest Values . . . . . . . . . . . . . 4
2.3. UAS Behavior . . . . . . . . . . . . . . . . . . . . . . 4 2.3. UAS Behavior . . . . . . . . . . . . . . . . . . . . . . 4
2.4. UAC Behavior . . . . . . . . . . . . . . . . . . . . . . 5 2.4. UAC Behavior . . . . . . . . . . . . . . . . . . . . . . 4
2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.6. HTTP Digest Authentication Scheme Modifications . . . . . 5 2.6. HTTP Digest Authentication Scheme Modifications . . . . . 5
2.7. Augmented BNF for SIP . . . . . . . . . . . . . . . . . . 7 2.7. Augmented BNF for SIP . . . . . . . . . . . . . . . . . . 7
3. Security Considerations . . . . . . . . . . . . . . . . . . . 7 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
6.1. Normative References . . . . . . . . . . . . . . . . . . 8 6.1. Normative References . . . . . . . . . . . . . . . . . . 8
6.2. Informative References . . . . . . . . . . . . . . . . . 9 6.2. Informative References . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9
skipping to change at page 3, line 35 skipping to change at page 3, line 35
This section describes the modifications to the operation of the This section describes the modifications to the operation of the
Digest mechanism as specified in [RFC3261] in order to support the Digest mechanism as specified in [RFC3261] in order to support the
algorithms defined in the "Hash Algorithms for HTTP Digest algorithms defined in the "Hash Algorithms for HTTP Digest
Authentication" registry described in [RFC7616]. Authentication" registry described in [RFC7616].
It replaces the reference used in [RFC3261] for Digest Access It replaces the reference used in [RFC3261] for Digest Access
Authentication, substituting [RFC7616] for the obsolete [RFC2617], Authentication, substituting [RFC7616] for the obsolete [RFC2617],
and describes the modifications to the usage of the Digest mechanism and describes the modifications to the usage of the Digest mechanism
in [RFC3261] resulting from that reference update. It adds support in [RFC3261] resulting from that reference update. It adds support
for the SHA-256 and SHA-512/256 algorithms. It adds required support for the SHA-256 and SHA-512-256 algorithms [SHA2]. It adds required
for the "qop" parameter. It provides additional User Agent Client support for the "qop" parameter. It provides additional User Agent
(UAC) and User Agent Server (UAS) procedures regarding usage of Client (UAC) and User Agent Server (UAS) procedures regarding usage
multiple SIP Authorization, WWW-Authenticate and Proxy-Authenticate of multiple SIP Authorization, WWW-Authenticate and Proxy-
header fields, including in which order to insert and process them. Authenticate header fields, including in which order to insert and
It provides guidance regarding forking. Finally, it updates the SIP process them. It provides guidance regarding forking. Finally, it
BNF as required by the updates. updates the SIP BNF as required by the updates.
2.1. Hash Algorithms 2.1. Hash Algorithms
The Digest scheme has an 'algorithm' parameter that specifies the The Digest scheme has an 'algorithm' parameter that specifies the
algorithm to be used to compute the digest of the response. The IANA algorithm to be used to compute the digest of the response. The IANA
registry named the "Hash Algorithms for HTTP Digest Authentication" registry named the "Hash Algorithms for HTTP Digest Authentication"
specifies the algorithms that correspond to 'algorithm' values. specifies the algorithms that correspond to 'algorithm' values.
[RFC3261] specifies only one algorithm, MD5, which is used by [RFC3261] specifies only one algorithm, MD5, which is used by
default. This document extends [RFC3261] to allow use of any default. This document extends [RFC3261] to allow use of any
algorithm listed in the "Hash Algorithms for HTTP Digest algorithm listed in the "Hash Algorithms for HTTP Digest
Authentication" registry. Authentication" registry.
A UAS prioritizes which algorithm to use based on the ordering of the A UAS prioritizes which algorithm to use based on its policy, which
challenge header fields in the response it is preparing. That is specified in section 2.3 and parallels the process used in HTTP
process is specified in section 2.3 and parallels the process used in specified by [RFC7616].
HTTP specified by [RFC7616].
2.2. Representation of Digest Values 2.2. Representation of Digest Values
The size of the digest depends on the algorithm used. The bits in The size of the digest depends on the algorithm used. The bits in
the digest are converted from the most significant to the least the digest are converted from the most significant to the least
significant bit, four bits at a time to the ASCII representation as significant bit, four bits at a time to the ASCII representation as
follows. Each four bits is represented by its familiar hexadecimal follows. Each four bits is represented by its familiar hexadecimal
notation from the characters 0123456789abcdef, that is binary 0000 is notation from the characters 0123456789abcdef, that is binary 0000 is
represented by the character '0', 0001 by '1' and so on up to the represented by the character '0', 0001 by '1' and so on up to the
representation of 1111 as 'f'. If the SHA-256 or SHA-512/256 representation of 1111 as 'f'. If the SHA-256 or SHA-512-256
algorithm is used to calculate the digest, then the digest will be algorithm is used to calculate the digest, then the digest will be
represented as 64 hexadecimal characters. represented as 64 hexadecimal characters.
2.3. UAS Behavior 2.3. UAS Behavior
When a UAS receives a request from a UAC, and an acceptable When a UAS receives a request from a UAC, and an acceptable
Authorization header field is not received, the UAS can challenge the Authorization header field is not received, the UAS can challenge the
originator to provide credentials by rejecting the request with a originator to provide credentials by rejecting the request with a
401/407 status code with the WWW-Authenticate/Proxy-Authenticate 401/407 status code with the WWW-Authenticate/Proxy-Authenticate
header field respectively. The UAS MAY add multiple WWW- header field respectively. The UAS MAY add multiple WWW-
skipping to change at page 5, line 20 skipping to change at page 5, line 14
dictates otherwise. The client MUST ignore any challenge it does not dictates otherwise. The client MUST ignore any challenge it does not
understand. understand.
When the UAC receives a 401 response with multiple WWW-Authenticate When the UAC receives a 401 response with multiple WWW-Authenticate
header fields with different realms it SHOULD retry and add an header fields with different realms it SHOULD retry and add an
Authorization header field containing credentials that match the Authorization header field containing credentials that match the
topmost header field of any one of the realms, unless a local policy topmost header field of any one of the realms, unless a local policy
dictates otherwise. dictates otherwise.
If the UAC cannot respond to any of the challenges in the response, If the UAC cannot respond to any of the challenges in the response,
then it SHOULD abandon attempts to send the request unless a local then it SHOULD abandon attempts to send the request, unless a local
policy dictates otherwise. For example, if the UAC does not have policy dictates otherwise, e.g. the policy might indicate the use of
non-Digest mechanisms. For example, if the UAC does not have
credentials or has stale credentials for any of the realms, the UAC credentials or has stale credentials for any of the realms, the UAC
will abandon the request. will abandon the request.
2.5. Forking 2.5. Forking
Section 22.3 of [RFC3261] discusses the operation of the proxy-to- Section 22.3 of [RFC3261] discusses the operation of the proxy-to-
user authentication, which describes the operation of the proxy when user authentication, which describes the operation of the proxy when
it forks a request. This section clarifies that operation. it forks a request. This section clarifies that operation.
If a request is forked, various proxy servers and/or UAs may wish to If a request is forked, various proxy servers and/or UAs may wish to
skipping to change at page 7, line 39 skipping to change at page 7, line 32
digest sizes: digest sizes:
request-digest = LDQUOT *LHEX RDQUOT request-digest = LDQUOT *LHEX RDQUOT
The number of hex digits is implied by the length of the value of the The number of hex digits is implied by the length of the value of the
algorithm used. algorithm used.
It extends the algorithm parameter as follows to allow for any It extends the algorithm parameter as follows to allow for any
algorithm in the registry to be used: algorithm in the registry to be used:
algorithm = "algorithm" EQUAL ( ("MD5" / "SHA-512-256" / "SHA- algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess" / "SHA-256" /
256")[-sess]) / token ) "SHA-256-sess" / "SHA-512-256" / "SHA-512-256-sess" / token )
Each one of these algorithms might have a "-sess" variant, e.g.,
MD5-sess, SHA-256-sess, etc, as defined in [RFC7616]
3. Security Considerations 3. Security Considerations
This specification adds new secure algorithms to be used with the This specification adds new secure algorithms to be used with the
Digest mechanism to authenticate users. The broken MD5 algorithm Digest mechanism to authenticate users. The broken MD5 algorithm
remains only for backward compatibility with [RFC2617] but its use is remains only for backward compatibility with [RFC2617] but its use is
NOT RECOMMENDED. NOT RECOMMENDED.
This opens the system to the potential of a downgrade attack by an This opens the system to the potential of a downgrade attack by an
on-path attacker. The most effective way of dealing with this type on-path attacker. The most effective way of dealing with this type
skipping to change at page 8, line 31 skipping to change at page 8, line 23
that registry may be used in SIP digest authentication. that registry may be used in SIP digest authentication.
This document has no actions for IANA. This document has no actions for IANA.
5. Acknowledgments 5. Acknowledgments
The author would like to thank the following individuals for their The author would like to thank the following individuals for their
careful reviews, comments, and suggestions: Paul Kyzivat, Olle careful reviews, comments, and suggestions: Paul Kyzivat, Olle
Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga
Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, Adam Roach, Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, Adam Roach,
Barry Leiba, Roni Even, Benjamin Kaduk, and Alissa Cooper. Barry Leiba, Roni Even, Eric Vyncke, Benjamin Kaduk, Alissa Cooper,
Roman Danyliw, and Alexey Melnikov. .
6. References 6. References
6.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 9, line 16 skipping to change at page 9, line 5
Transfer Protocol (HTTP/1.1): Caching", RFC 7234, June Transfer Protocol (HTTP/1.1): Caching", RFC 7234, June
2014. 2014.
[RFC7616] Shekh-Yusef, R., Ahrens, D., and S. Bremer, "HTTP Digest [RFC7616] Shekh-Yusef, R., Ahrens, D., and S. Bremer, "HTTP Digest
Access Authentication", RFC 7616, September 2015. Access Authentication", RFC 7616, September 2015.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[SHA2] "SHA: SECURE HASH STANDARD, FIPS 180-2", August 2002.
6.2. Informative References 6.2. Informative References
[RFC2617] Franks, J., M. Hallam-Baker, P., L. Hostetler, J., D. [RFC2617] Franks, J., M. Hallam-Baker, P., L. Hostetler, J., D.
Lawrence, S., J. Leach, P., Luotonen, A., and L. C. Lawrence, S., J. Leach, P., Luotonen, A., and L. C.
Stewart, "HTTP Authentication: Basic and Digest Access Stewart, "HTTP Authentication: Basic and Digest Access
Authentication", RFC 2617, June 1999. Authentication", RFC 2617, June 1999.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
 End of changes. 9 change blocks. 
22 lines changed or deleted 22 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/