--- 1/draft-ietf-sipcore-digest-scheme-11.txt 2019-10-30 10:13:11.095591632 -0700 +++ 2/draft-ietf-sipcore-digest-scheme-12.txt 2019-10-30 10:13:11.123592340 -0700 @@ -1,19 +1,19 @@ SIP Core R. Shekh-Yusef Internet-Draft Avaya -Updates: 3261 (if approved) October 28, 2019 +Updates: 3261 (if approved) October 29, 2019 Intended status: Standards Track -Expires: April 30, 2020 +Expires: May 1, 2020 The Session Initiation Protocol (SIP) Digest Authentication Scheme - draft-ietf-sipcore-digest-scheme-11 + draft-ietf-sipcore-digest-scheme-12 Abstract This document updates RFC 3261 by updating the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for more secure digest algorithms, e.g., SHA-256 and SHA-512-256, to replace the broken MD5 algorithm. Status of This Memo @@ -23,21 +23,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 30, 2020. + This Internet-Draft will expire on May 1, 2020. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -302,22 +302,22 @@ digest sizes: request-digest = LDQUOT *LHEX RDQUOT The number of hex digits is implied by the length of the value of the algorithm used. It extends the algorithm parameter as follows to allow for any algorithm in the registry to be used: - algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" - / token ) + algorithm = "algorithm" EQUAL ( ("MD5" / "SHA-512-256" / "SHA- + 256")[-sess]) / token ) Each one of these algorithms might have a "-sess" variant, e.g., MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] 3. Security Considerations This specification adds new secure algorithms to be used with the Digest mechanism to authenticate users. The broken MD5 algorithm remains only for backward compatibility with [RFC2617] but its use is NOT RECOMMENDED. @@ -339,21 +339,21 @@ that registry may be used in SIP digest authentication. This document has no actions for IANA. 5. Acknowledgments The author would like to thank the following individuals for their careful reviews, comments, and suggestions: Paul Kyzivat, Olle Johansson, Dale Worley, Michael Procter, Inaki Baz Castillo, Tolga Asveren, Christer Holmberg, Brian Rosen, Jean Mahoney, Adam Roach, - Barry Leiba, and Roni Even. + Barry Leiba, Roni Even, Benjamin Kaduk, and Alissa Cooper. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, .
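Review bot: In the hunk at @@ -302,22 +302,22 @@, the new algorithm production is not well-formed ABNF as written. It opens two parentheses and closes three, the optional suffix [-sess] is an unquoted literal, and the quoted string "SHA-256" is wrapped across two lines, so it reads as "SHA- 256". Suggest keeping the string on one line and quoting the suffix, for example: algorithm = "algorithm" EQUAL ( ( ( "MD5" / "SHA-512-256" / "SHA-256" ) [ "-sess" ] ) / token ). As the rule stands, anyone building a parser from the grammar has to guess the grouping, and the set of accepted algorithm values is exactly what decides whether MD5 or one of the newer digests is negotiated. The unchanged sentence after the rule already describes the "-sess" variants in prose; once the grammar covers them it could be shortened to a pointer to [RFC7616].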