
Proposed Resolution to Issue



FYI.  Here are the proposed changes to RFC 5090 to address the problems that Mike found in Appendix A.

> Subject: RE: AUTH48 [SG]: RFC 5090 <draft-ietf-radext-rfc4590bis-02.txt> NOW AVAILABLE
> Date: Thu, 3 Jan 2008 17:07:13 +0200
> From: Baruch.Sterman@Kayote.com
> To: rfc-editor@rfc-editor.org; beckw@t-systems.com
> CC: david.schwartz@xconnect.net; dscreat@dscreat.com; dwilli@cisco.com; dromasca@avaya.com; rbonica@juniper.net; d.b.nelson@comcast.net; bernard_aboba@hotmail.com
>
> Here are corrections to the examples as per David's input. I hope this
> will put all of the outstanding issues to rest so that we can all sign
> off on the document.
>
> There are essentially 2 corrections. In each example, the response
> should be changed in two places.
>
> On page 24, change:
>
>
> A->B
>
> INVITE sip:97226491335@example.com SIP/2.0
> Proxy-Authorization: Digest algorithm="md5",nonce="3bada1a0"
> ,realm="example.com"
> ,response="7679b84a560835846ec553174dbabb69"
> ,uri="sip:97226491335@example.com",username="12345678"
> ,qop=auth,algorithm=MD5
> ,cnonce="56593a80,nc="00000001"
>
> From: <sip:12345678@example.com>
> To: <sip:97226491335@example.com>
>
>
> B->C
>
> Code = Access-Request (1)
> Packet identifier = 0x7d (125)
> Length = 221
> Authenticator = F5E55840E324AA49D216D9DBD069807D
> NAS-IP-Address = 192.0.2.38
> NAS-Port = 5
> User-Name = 12345678
> Digest-Method = INVITE
> Digest-URI = sip:97226491335@example.com
> Digest-Realm = example.com
> Digest-Qop = auth
> Digest-Algorithm = MD5
> Digest-CNonce = 56593a80
> Digest-Nonce = 3bada1a0
> Digest-Nonce-Count = 00000001
> Digest-Response = 7679b84a560835846ec553174dbabb69
> Digest-Username = 12345678
> SIP-AOR = sip:12345678@example.com
> Message-Authenticator = BD037498E8385878A46ECF4D5F8D2B48
>
>
> To
>
> A->B
>
> INVITE sip:97226491335@example.com SIP/2.0
> Proxy-Authorization: Digest algorithm="md5",nonce="3bada1a0"
> ,realm="example.com"
> ,response="756933f735fcd93f90a4bbdd5467f263"
> ,uri="sip:97226491335@example.com",username="12345678"
> ,qop=auth,algorithm=MD5
> ,cnonce="56593a80,nc="00000001"
>
> From: <sip:12345678@example.com>
> To: <sip:97226491335@example.com>
>
>
> B->C
>
> Code = Access-Request (1)
> Packet identifier = 0x7d (125)
> Length = 221
> Authenticator = F5E55840E324AA49D216D9DBD069807D
> NAS-IP-Address = 192.0.2.38
> NAS-Port = 5
> User-Name = 12345678
> Digest-Method = INVITE
> Digest-URI = sip:97226491335@example.com
> Digest-Realm = example.com
> Digest-Qop = auth
> Digest-Algorithm = MD5
> Digest-CNonce = 56593a80
> Digest-Nonce = 3bada1a0
> Digest-Nonce-Count = 00000001
> Digest-Response = 756933f735fcd93f90a4bbdd5467f263
> Digest-Username = 12345678
> SIP-AOR = sip:12345678@example.com
> Message-Authenticator = BD037498E8385878A46ECF4D5F8D2B48
>
>
> And on page 26, change
>
>
>
> A->B
>
> GET /index.html HTTP/1.1
> Authorization: Digest algorithm=MD5,qop=auth,nonce="a3086ac8"
> ,nc="00000001",cnonce="56593a78"
> ,realm="example.com"
> ,response="ba623217b5ec024d30c4aaef9d8494de"
> ,uri="/index.html",username="12345678"
>
> B->C
>
> Code = Access-Request (1)
> Packet identifier = 0x7f (127)
> Length = 176
> Authenticator = F5E55840E324AA49D216D9DBD069807F
> NAS-IP-Address = 192.0.2.38
> NAS-Port = 5
> User-Name = 12345678
> Digest-Method = GET
> Digest-URI = /index.html
> Digest-Realm = example.com
> Digest-Qop = auth
> Digest-Algorithm = MD5
> Digest-CNonce = 56593a80
> Digest-Nonce = a3086ac8
> Digest-Nonce-Count = 00000001
> Digest-Response = ba623217b5ec024d30c4aaef9d8494de
> Digest-Username = 12345678
> Message-Authenticator = C360BFCEDFFBCE893469E802013DA5AA
>
>
> To
>
>
>
> A->B
>
> GET /index.html HTTP/1.1
> Authorization: Digest algorithm=MD5,qop=auth,nonce="a3086ac8"
> ,nc="00000001",cnonce="56593a78"
> ,realm="example.com"
> ,response=" a4fac45c27a30f4f244c54a2e99fa117"
> ,uri="/index.html",username="12345678"
>
> B->C
>
> Code = Access-Request (1)
> Packet identifier = 0x7f (127)
> Length = 176
> Authenticator = F5E55840E324AA49D216D9DBD069807F
> NAS-IP-Address = 192.0.2.38
> NAS-Port = 5
> User-Name = 12345678
> Digest-Method = GET
> Digest-URI = /index.html
> Digest-Realm = example.com
> Digest-Qop = auth
> Digest-Algorithm = MD5
> Digest-CNonce = 56593a80
> Digest-Nonce = a3086ac8
> Digest-Nonce-Count = 00000001
> Digest-Response = a4fac45c27a30f4f244c54a2e99fa117
> Digest-Username = 12345678
> Message-Authenticator = C360BFCEDFFBCE893469E802013DA5AA
>
>
>
>
> Thanks to David and group.
>
> Baruch
>
>
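How a Digest-Response value such as those corrected above is derived and rechecked from the Digest-* attributes, as an added example that is not part of the original message or of RFC 5090. It follows the RFC 2617 calculation for algorithm=MD5 with qop=auth. The password is a constructed placeholder (the message does not give one), so the computed values are not expected to match the ones quoted above.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for algorithm=MD5 and qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # A1: user, realm, secret
    ha2 = md5_hex(f"{method}:{uri}")                 # A2: method and digest URI
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def check_access_request(attrs, password):
    """Recompute Digest-Response from the Digest-* attributes and compare."""
    expected = digest_response(
        attrs["Digest-Username"], attrs["Digest-Realm"], password,
        attrs["Digest-Method"], attrs["Digest-URI"], attrs["Digest-Nonce"],
        attrs["Digest-Nonce-Count"], attrs["Digest-CNonce"], attrs["Digest-Qop"])
    received = attrs["Digest-Response"].strip().lower()
    return hmac.compare_digest(expected, received)  # constant-time compare


# Constructed placeholder: the message above does not state the password.
PASSWORD = "example-password"


def build_sample_request(cnonce="56593a78"):
    """Attributes shaped like the B->C Access-Request for GET /index.html."""
    attrs = {
        "Digest-Username": "12345678", "Digest-Realm": "example.com",
        "Digest-Method": "GET", "Digest-URI": "/index.html",
        "Digest-Qop": "auth", "Digest-Algorithm": "MD5",
        "Digest-Nonce": "a3086ac8", "Digest-Nonce-Count": "00000001",
        "Digest-CNonce": cnonce,
    }
    # Client side: the response is an MD5 over exactly these field values.
    attrs["Digest-Response"] = digest_response(
        "12345678", "example.com", PASSWORD, "GET", "/index.html",
        "a3086ac8", "00000001", cnonce)
    return attrs


if __name__ == "__main__":
    req = build_sample_request()
    print("as sent by client:", check_access_request(req, PASSWORD))
    # Relaying any hashed field with a different value breaks the check.
    req["Digest-CNonce"] = "56593a80"
    print("cnonce altered in relay:", check_access_request(req, PASSWORD))
```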