--- 1/draft-ietf-sipcore-digest-scheme-01.txt 2019-05-09 13:13:14.780356767 -0700 +++ 2/draft-ietf-sipcore-digest-scheme-02.txt 2019-05-09 13:13:14.800357273 -0700 @@ -1,19 +1,19 @@ SIP Core R. Shekh-Yusef Internet-Draft Avaya -Updates: 3261 (if approved) May 7, 2019 +Updates: 3261 (if approved) May 9, 2019 Intended status: Standards Track -Expires: November 8, 2019 +Expires: November 10, 2019 The Session Initiation Protocol (SIP) Digest Authentication Scheme - draft-ietf-sipcore-digest-scheme-01 + draft-ietf-sipcore-digest-scheme-02 Abstract This document updates the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for secure digest algorithms to replace the broken MD5 algorithm. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -22,21 +22,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 8, 2019. + This Internet-Draft will expire on November 10, 2019. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -55,32 +55,32 @@ the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. The SIP Digest Authentication Scheme . . . . . . . . . . . . 3 + 2. The Updated SIP Digest Authentication Scheme . . . . . . . . 3 2.1. Hash Algorithms . . . . . . . . . . . . . . . . . . . . . 3 2.2. Representation of Digest Values . . . . . . . . . . . . . 3 2.3. The Authenticate Response Header Field . . . . . . . . . 4 2.4. The Authorization Request Header Field . . . . . . . . . 4 2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.6. HTTP Modifications . . . . . . . . . . . . . . . . . . . 5 - 3. Augmented BNF for the SIP Protocol . . . . . . . . . . . . . 6 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 - 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 - 7. Normative References . . . . . . . . . . . . . . . . . . . . 7 + 2.7. Augmented BNF for the SIP Protocol . . . . . . . . . . . 6 + 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7 + 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 + 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 + 6. Normative References . . . . . . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction The SIP protocol [RFC3261] uses the same mechanism used by the HTTP protocol for authenticating users, which is a simple challenge- response authentication mechanism that allows a server to challenge a client request and allows a client to provide authentication information in response to that challenge. @@ -98,21 +98,21 @@ SIP to support the list of digest algorithms defined in the "Hash Algorithms for HTTP Digest Authentication" registry defined by [RFC7616]. 1.1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. -2. The SIP Digest Authentication Scheme +2. The Updated SIP Digest Authentication Scheme This section describes the modifications to the operation of the Digest mechanism as specified in [RFC3261] in order to support the SHA- 256 and SHA-512/256 algorithms as described in [RFC7616], and also to require support for the "qop" option." 2.1. Hash Algorithms The Digest scheme has an 'algorithm' parameter that specifies the algorithm to be used to compute the digest of the response. The IANA @@ -256,69 +256,69 @@ properly handle "qop" parameter received in WWW-Authenticate and Proxy-Authenticate header fields. Servers MUST always send a "qop" parameter in WWW-Authenticate and Proxy-Authenticate header field values, and clients MUST send the "qop" parameter in any resulting authorization header field. The usage of the Authentication-Info header field continue to be allowed, since it provides integrity checks over the bodies and provides mutual authentication. -3. Augmented BNF for the SIP Protocol +2.7. Augmented BNF for the SIP Protocol This document updates the Augmented BNF for the SIP Protocol as follows. It extends the request-digest as follows to allow for different digest sizes: request-digest = LDQUOT *LHEX RDQUOT The number of hex digits must be specified by the specification of the algorithm used. It extends the algorithm parameter as follows to allow for SHA2 algorithms to be used: algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" / token ) -4. Security Considerations +3. Security Considerations This specification adds new secure algorithms to be used to with the Digest mechanism to authenticate users, but leaves the broken MD5 algorithm for backward compatibility. This opens the system to the potential of a downgrade attack by man- in-the-middle. The most effective way of dealing with this type of attack is to either validate the client and challenge it accordingly, or remove the support for backward compatibility by not supporting MD5. See section 5 of [RFC7616] for a detailed security discussion of the Digest scheme. -5. IANA Considerations +4. IANA Considerations [RFC7616] defines an IANA registry named "Hash Algorithms for HTTP Digest Authentication" to simplify the introduction of new algorithms in the future. This document will use the algorithms defined in that registry. -6. Acknowledgments +5. Acknowledgments The author would like to thank the following individuals for their careful reviews, comments, and suggestions: Paul Kyzivat, Olle Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga Asveren, Christer Holmberg, and Brian Rosen. -7. Normative References +6. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, H., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC7234] Fielding, R., Nottingham, M., and J. Reschke, "Hypertext