[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sip-implementors
Subject:    RE: [Sip-implementors] Authentication algorithm selection problem in RFC 3310
From:       Avasarala Ranjit-A20990 <ranjit () motorola ! com>
Date:       2005-02-28 3:57:17
Message-ID: 653138C25D8AD6118292000347080A3716CC2616 () zin05exm02 ! corp ! mot ! com
[Download RAW message or body]

Hi
   If the server does not know the alogirthm of UAC, then it should send the \
algorithms it understands in 401. like MD5 or MD5-sess with the corresponding \
attribute values for that algorithm. 

Regards
Ranjit





-----Original Message-----
From: sip-implementors-bounces@cs.columbia.edu \
[mailto:sip-implementors-bounces@cs.columbia.edu] On Behalf Of Rao \
                Chittaranjan-Q16916
Sent: Saturday, February 26, 2005 12:40 PM
To: sip-implementors@cs.columbia.edu
Cc: Rao Chittaranjan-Q16916
Subject: [Sip-implementors] Authentication algorithm selection problem in RFC 3310


Hi All,
    For AKA as per RFC 3310 the algorithm directive is overloaded to indicate Digest \
AKA. In section 3.1 of RFC 3310 it is mentioned that if the algorithm directive is \
not understood, the accompanying nonce value SHOULD be ignored and another challenge \
should be used instead. In section 5.3 of the same RFC it is mentioned that "A client \
receiving an HTTP Digest challenge with several available algorithms MUST choose the \
strongest algorithm it understands". 

	As per RFC 2617, the algorithm directive "algorithm = "algorithm" "=" ( "MD5" | \
"MD5-sess" | token )" does not seem to be a list of options. If the server does not \
know the exact algorithm supported by the UE, what should it send in a 401 response? \
Should it maintain state (which RFC 3261, 26.3.2.4 DoS Protection discourages) and \
send a sequence of 401 messages starting from the strongest algorithm it supports? \
For example should the server send a 401 with algorithm=AKAv1-MD5, and if it gets no \
response, then send a 401 with algorithm=MD5 ?

Thanks in advance,

Regards,
Chittaranjan	


_______________________________________________
Sip-implementors mailing list
Sip-implementors@cs.columbia.edu \
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic