[prev in list] [next in list] [prev in thread] [next in thread]
List: sip-implementors
Subject: RE: [Sip-implementors] Authentication algorithm selection problem in RFC 3310
From: Avasarala Ranjit-A20990 <ranjit () motorola ! com>
Date: 2005-02-28 3:57:17
Message-ID: 653138C25D8AD6118292000347080A3716CC2616 () zin05exm02 ! corp ! mot ! com
[Download RAW message or body]
Hi
If the server does not know the alogirthm of UAC, then it should send the \
algorithms it understands in 401. like MD5 or MD5-sess with the corresponding \
attribute values for that algorithm.
Regards
Ranjit
-----Original Message-----
From: sip-implementors-bounces@cs.columbia.edu \
[mailto:sip-implementors-bounces@cs.columbia.edu] On Behalf Of Rao \
Chittaranjan-Q16916
Sent: Saturday, February 26, 2005 12:40 PM
To: sip-implementors@cs.columbia.edu
Cc: Rao Chittaranjan-Q16916
Subject: [Sip-implementors] Authentication algorithm selection problem in RFC 3310
Hi All,
For AKA as per RFC 3310 the algorithm directive is overloaded to indicate Digest \
AKA. In section 3.1 of RFC 3310 it is mentioned that if the algorithm directive is \
not understood, the accompanying nonce value SHOULD be ignored and another challenge \
should be used instead. In section 5.3 of the same RFC it is mentioned that "A client \
receiving an HTTP Digest challenge with several available algorithms MUST choose the \
strongest algorithm it understands".
As per RFC 2617, the algorithm directive "algorithm = "algorithm" "=" ( "MD5" | \
"MD5-sess" | token )" does not seem to be a list of options. If the server does not \
know the exact algorithm supported by the UE, what should it send in a 401 response? \
Should it maintain state (which RFC 3261, 26.3.2.4 DoS Protection discourages) and \
send a sequence of 401 messages starting from the strongest algorithm it supports? \
For example should the server send a 401 with algorithm=AKAv1-MD5, and if it gets no \
response, then send a 401 with algorithm=MD5 ?
Thanks in advance,
Regards,
Chittaranjan
_______________________________________________
Sip-implementors mailing list
Sip-implementors@cs.columbia.edu \
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic