--- 1/draft-ietf-sipcore-digest-scheme-06.txt 2019-07-03 06:13:03.528811148 -0700 +++ 2/draft-ietf-sipcore-digest-scheme-07.txt 2019-07-03 06:13:03.552811754 -0700 @@ -1,19 +1,19 @@ SIP Core R. Shekh-Yusef Internet-Draft Avaya -Updates: 3261 (if approved) July 2, 2019 +Updates: 3261 (if approved) July 3, 2019 Intended status: Standards Track -Expires: January 3, 2020 +Expires: January 4, 2020 The Session Initiation Protocol (SIP) Digest Authentication Scheme - draft-ietf-sipcore-digest-scheme-06 + draft-ietf-sipcore-digest-scheme-07 Abstract This document updates [RFC3261] by updating the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for more secure digest algorithms, e.g. SHA-256 and SHA-512-256, to replace the broken MD5 algorithm, which might be used for backward compatibility reasons only. Status of This Memo @@ -24,21 +24,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on January 3, 2020. + This Internet-Draft will expire on January 4, 2020. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -216,22 +216,22 @@ response it MUST maintain the order of these header fields. The ordering of the header field values from the various proxies is not significant. 2.6. HTTP Digest Authentication Scheme Modifications This section describes the modifications and clarifications required to apply the HTTP Digest authentication scheme to SIP. The SIP scheme usage is similar to that for HTTP. For completeness, the bullets specified below are mostly copied from section 22.4 of - [RFC3261]; the only semantic changes are specified in bullets 7 and 8 - below. + [RFC3261]; the only semantic changes are specified in bullets 1, 7, + and 8 below. SIP clients and servers MUST NOT accept or request Basic authentication. The rules for Digest authentication follow those defined in HTTP, with "HTTP/1.1" [RFC7616] replaced by "SIP/2.0" in addition to the following differences: 1. The URI included in the challenge has the following BNF: @@ -328,21 +328,21 @@ in the future. This document specifies that algorithms defined in that registry may be used in SIP digest authentication. This document has no actions for IANA. 5. Acknowledgments The author would like to thank the following individuals for their careful reviews, comments, and suggestions: Paul Kyzivat, Olle Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga - Asveren, Christer Holmberg, and Brian Rosen. + Asveren, Christer Holmberg, Brian Rosen, and Jean Mahoney. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, H., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E.