Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP Digest Access Authentication Rifaat Shekh-Yusef IETF 89, SIPCore WG, London March 6, 2014 1Rifaat Shekh-Yusef - SIP Digest Auth.

Published byDenis Blair Modified over 8 years ago

Similar presentations

Presentation on theme: "SIP Digest Access Authentication Rifaat Shekh-Yusef IETF 89, SIPCore WG, London March 6, 2014 1Rifaat Shekh-Yusef - SIP Digest Auth."— Presentation transcript:

1 SIP Digest Access Authentication Rifaat Shekh-Yusef IETF 89, SIPCore WG, London March 6, 2014 1Rifaat Shekh-Yusef - SIP Digest Auth

2 Algorithms Agility New Algorithms – SHA-256 – SHA-512/256 IANA Registry – HTTP Digest Hash Algorithms Registry 2Rifaat Shekh-Yusef - SIP Digest Auth

3 “HTTP Digest Hash Algorithms” Registry Hash Algorithm Digest Size Preference Reference -------------- ----------- ---------- --------- MD5 32 1.0 RFC XXXX SHA-512-256 64 2.0 RFC XXXX SHA-256 64 3.0 RFC XXXX Update Policy: Specification Required 3Rifaat Shekh-Yusef - SIP Digest Auth

4 Forking Forking Proxy – Aggregates challenges into a single response. – Multiple challenges should be differentiated by the realm. – Multiple challenges might belong to the same realm. Can these challenges use different algorithms? UAC – Provides authorization for each realm using the top/preferred algorithm. 4Rifaat Shekh-Yusef - SIP Digest Auth

5 Forking Backward Compatibility Option 1Option 2 Resource ProxyAlgorithms in order of preference Algorithms in no particular order Forking ProxyMust maintain orderOrder is not significant UACSelect the top algorithm per realm Select the most preferred algorithm per realm, as defined in the IANA Registry. 5Rifaat Shekh-Yusef - SIP Digest Auth

6 QoP Backward Compatibility RFC3261, Section 22.4, bullet 8 Use of the "qop" parameter is optional in RFC 2617 for the purposes of backwards compatibility with RFC 2069; since RFC 2543 was based on RFC 2069, the "qop" parameter must unfortunately remain optional for clients and servers to receive. However, servers MUST always send a "qop" parameter in WWW- Authenticate and Proxy-Authenticate header field values. If a client receives a "qop" parameter in a challenge header field, it MUST send the "qop" parameter in any resulting authorization header field. RFC2617 - H ( H(A1) | nonce | nc | cnonce | qop | H(A2) ) RFC2069 - H ( H(A1) | nonce | H(A2) ) 6Rifaat Shekh-Yusef - SIP Digest Auth

7 Feedback? Forking QoP Backward Compatibility WG adoption 7Rifaat Shekh-Yusef - SIP Digest Auth

Download ppt "SIP Digest Access Authentication Rifaat Shekh-Yusef IETF 89, SIPCore WG, London March 6, 2014 1Rifaat Shekh-Yusef - SIP Digest Auth."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
www.dynamicsoft.com Internet Telecom Expo 2000 - September 20, 2000 SIP vs. H.323 SIP vs. H.323 Will the Real IP Telephony Please Stand Up? Jonathan Rosenberg.

Internet Telecom Expo September 20, 2000 SIP vs. H.323 SIP vs. H.323 Will the Real IP Telephony Please Stand Up? Jonathan Rosenberg.
IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.

IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.
PAWS WG IETF-84 Device to Database Protocol for White Space July, 2012 Subir Das, John Malyar, Don Joslyn.

PAWS WG IETF-84 Device to Database Protocol for White Space July, 2012 Subir Das, John Malyar, Don Joslyn.
SIP Authentication using CHAP-Password Bryan J. Byerly David Williams draft-byerly-sip-radius-00.txt.

SIP Authentication using CHAP-Password Bryan J. Byerly David Williams draft-byerly-sip-radius-00.txt.
The Elbert HTTP Server HTTP Authentication, providing security in tough times By: Shawn M. Jones.

The Elbert HTTP Server HTTP Authentication, providing security in tough times By: Shawn M. Jones.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
SIP Security Matt Hsu.

SIP Security Matt Hsu.
Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.

Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.
March 20, 2006IETF65 PANA WG PANA Specification Updates (draft-ietf-pana-pana-11.txt) Yoshihiro Ohba

March 20, 2006IETF65 PANA WG PANA Specification Updates (draft-ietf-pana-pana-11.txt) Yoshihiro Ohba
IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.

IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.
SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21, 2014 1.

SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21,
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
Diameter SIP application IETF 64 Vancouver, 6-11 November, 2005

Diameter SIP application IETF 64 Vancouver, 6-11 November, 2005
1 Diameter SIP application draft-ietf-aaa-diameter-sip-app-03.txt 60 th IETF meeting August 3 rd, 2004 Status.

1 Diameter SIP application draft-ietf-aaa-diameter-sip-app-03.txt 60 th IETF meeting August 3 rd, 2004 Status.
Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP 2.0 TLS handling Magnus Westerlund draft-ietf-mmusic-rfc2326bis-12.

Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP 2.0 TLS handling Magnus Westerlund draft-ietf-mmusic-rfc2326bis-12.
Draft-elwell-sipping- redirection-reason-00 Author: John Elwell

Draft-elwell-sipping- redirection-reason-00 Author: John Elwell
Web Server Design Week 11 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/24/10.

Web Server Design Week 11 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/24/10.

Similar presentations

Ads by Google