
[AAA-WG]: issue with expected response calculation (fwd)




---------- Forwarded message ----------
Date: Tue, 12 Apr 2005 14:26:05 +0200
From: Jo Hermans <jo.hermans@gmail.com>
To: aaa-wg@merit.edu
Subject: [AAA-WG]: issue with expected response calculation

I have a problem with paragraph 8.5.6.1 in
draft-ietf-aaa-diameter-sip-app-07, 3rd paragraph ("Please note that the
expected response ...")

The draft mentions that the expected response calculation can't be done when
the SIP UA has sent an expected response based on client nonces. It then
mentions that this is the case when the qop-parameter is present in the
client request.

That last part I don't understand. I thought that H(A1) is dependent on the
algorithm, not qop. Qop has only influence on the A2 and digest, which are
both calculated in the Diameter Client (SIP Server). See also
<http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/issue40>

But even then I don't understand. I think that the Diameter Server does have
the client-nonces available (they're in the SIP-Authorization AVP, and were
used to calculate the request digest!), and is able to calculate a H(A1).
Even if MD5-sess was used, it could still calculate H(A1). MD5-sess also has
the added advantage that H(A1) could only be used once, which is also the
reason why draft-sterman-aaa-sip-04.txt doesn't want to use MD5 unless the
message is protected against eavesdropping.

I agree that if qop is missing and algorithm is MD5, client-nonces aren't
used at all (backwards compatibility with RFC2069). H(A1) might be stored
inside the Diameter Client (SIP server) when it's first received, and reused
later on. Is it this that the draft is alluding to?

-- 
Jo Hermans

"Eagles may soar, but weasels aren't sucked into jet engines"
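
The digest relationships the message above refers to, written out from RFC 2617 as an added example (not part of the original message or of the draft). The function names are hypothetical and the sample values are the worked example from RFC 2617 section 3.5; the split between a password holder and a holder of H(A1) only mirrors the Diameter server / SIP server roles discussed in the message.

```python
import hashlib

def H(data: str) -> str:
    """H() from RFC 2617: MD5 over the string, as lowercase hex."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()

def h_a1(user, realm, password, algorithm="MD5", nonce="", cnonce=""):
    """H(A1) is selected by 'algorithm' only; qop is not an input.
    Needs the password, so only the party holding it can compute this."""
    base = H(f"{user}:{realm}:{password}")
    if algorithm == "MD5":
        return base                           # no nonce, no cnonce: reusable
    if algorithm == "MD5-sess":
        return H(f"{base}:{nonce}:{cnonce}")  # bound to this nonce/cnonce pair
    raise ValueError(f"unsupported algorithm: {algorithm}")

def h_a2(method, uri, qop=None, body=b""):
    """H(A2) is selected by qop; no secret is involved."""
    if qop == "auth-int":
        return H(f"{method}:{uri}:{hashlib.md5(body).hexdigest()}")
    return H(f"{method}:{uri}")

def expected_response(ha1, nonce, method, uri, qop=None, nc="", cnonce="", body=b""):
    """Request-digest computed from H(A1) alone, without the password."""
    ha2 = h_a2(method, uri, qop, body)
    if qop is None:                           # RFC 2069 compatible form
        return H(f"{ha1}:{nonce}:{ha2}")
    return H(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Sample values: the worked example in RFC 2617 section 3.5.
CRED = dict(user="Mufasa", realm="testrealm@host.com", password="Circle Of Life")
REQ = dict(nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", method="GET",
           uri="/dir/index.html", qop="auth", nc="00000001", cnonce="0a4f113b")

def demo(algorithm="MD5"):
    # Password holder: derives H(A1), taking nonce/cnonce from the request.
    ha1 = h_a1(algorithm=algorithm, nonce=REQ["nonce"], cnonce=REQ["cnonce"], **CRED)
    # Holder of H(A1) only: derives the expected response for this request.
    return ha1, expected_response(ha1, **REQ)

if __name__ == "__main__":
    for alg in ("MD5", "MD5-sess"):
        print(alg, *demo(alg))
```

With MD5 the returned H(A1) is the same for every request from that user and realm, while with MD5-sess it changes whenever the nonce or cnonce changes.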
