Re: [Last-Call] [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Roni,

I agree with the ABNF issue. I will fix that in the next version of the draft.

Thanks,
 Rifaat


On Wed, Oct 23, 2019 at 1:43 AM Roni Even (A) <roni.even@xxxxxxxxxx> wrote:

Rifaat thanks,

See in line

Roni

 

 

On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatracker <noreply@xxxxxxxx> wrote:

Reviewer: Roni Even
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-sipcore-digest-scheme-??
Reviewer: Roni Even
Review Date: 2019-10-22
IETF LC End Date: None
IESG Telechat date: 2019-10-31

Summary:
The document is almost ready for publication as a standard track RFC

Major issues:

Minor issues:

1. In section 2.4 " If the UAC cannot respond to any of the challenges in the
response, then it SHOULD abandon attempts to send the request, e.g. if the UAC
   does not have credentials or has stale credentials for any of the realms,
   unless a local policy dictates otherwise." Yet RFC3261 section 22.2 " If no
   credentials for a realm can be located, UACs MAY attempt to retry the
   request with a username of "anonymous" and no password (a  password of "").
   Is this deprecated ?

 

No, it is not deprecated by this document, and that part is covered by the last sentence of the quoted paragraph, which talks about a local policy.

 

RE: I have no strong feeling it is just that the language is different

 

 

2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it

 

These changes are provided in the context of RFC7616, so if an implementation supports "-sess" it could always refer to that document for these details.

 

RE: I think that the BNF
algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256"/ token ) 
should be 
algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess / "SHA-512-256" / "SHA-256"/ token )
 

 

 


3. it may be good to have a backward compatibility section.

I believe we covered that in the security consideration section. Do you see anything missing there?

 

RE: OK, no problem.

 

Regards,

 Rifaat

 

 

Nits/editorial comments:

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux