> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, February 25, 2001 4:29 AM
> To: [EMAIL PROTECTED]
> Subject: [Sip-implementors] Message integrity in digest authentication
>
> Hi
>      In section 13.2 of the bis draft it is mentioned that "basic" and
> "digest" authentication mechanisms offer authentication only, without
> message integrity. In the digest authentication mechanism however, the
> "entity-body" is signed when qop is auth-int. Though the SIP draft does not
> specify what the entity body here means, I saw a mail in lists that said
> that message-body and entity-body are synonymous in SIP. Is this correct?

Yes.

> If yes, isn't digest authentication offering message integrity (for the
> message body at least)?

Yes.

> Perhaps this needs to be made a little clearer in the draft. Section 14.3
> which contains SIP specific clarifications for digest authentication might
> be appropriate for this.

The reason it's not clear is that this capability of http digest did not
exist when sip was published (sip = rfc2543, the latest digest spec is
rfc2617). The usage of these new features needs to be clarified, yes, but
carefully. That's because a draft specification cannot contain normative
references to anything that is at proposed standard. Since rfc2617 is at
proposed, those capabilities may need to be described in an appendix or
something.

-Jonathan R.

---
Jonathan D. Rosenberg                       72 Eagle Rock Ave.
Chief Scientist                             First Floor
dynamicsoft                                 East Hanover, NJ 07936
[EMAIL PROTECTED]                     FAX:   (973) 952-5050
http://www.cs.columbia.edu/~jdrosen         PHONE: (973) 952-5000
http://www.dynamicsoft.com
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
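
The point settled in this thread, shown as an added example that is not part of the original messages: the RFC 2617 digest response computed with qop=auth and with qop=auth-int, so that a change to the message body breaks verification only in the auth-int case. The SIP URI, credentials, nonce values and SDP body are constructed sample values, and header fields are not part of either hash.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=b""):
    """RFC 2617 request-digest for qop=auth or qop=auth-int (MD5)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    if qop == "auth-int":
        # A2 includes H(entity-body): this is where body integrity comes from.
        a2 = f"{method}:{uri}:{md5_hex(body)}"
    elif qop == "auth":
        # A2 covers only the method and digest-uri; the body is not hashed.
        a2 = f"{method}:{uri}"
    else:
        raise ValueError(f"unsupported qop: {qop!r}")
    ha2 = md5_hex(a2.encode())
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())


def verify(claimed: str, **params) -> bool:
    """Server-side check: recompute over the received body, compare in constant time."""
    return hmac.compare_digest(claimed, digest_response(**params))


def demo() -> dict:
    # Constructed sample request parameters (not taken from the thread).
    base = dict(user="alice", realm="example.com", password="s3cret",
                method="INVITE", uri="sip:bob@example.com",
                nonce="84a4cc6f3082121f32b42a2187831a9e",
                nc="00000001", cnonce="0a4f113b")
    sent = b"v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n"
    # Same SDP with the media address rewritten in transit.
    altered = sent.replace(b"192.0.2.10", b"198.51.100.7")
    results = {}
    for qop in ("auth", "auth-int"):
        claimed = digest_response(qop=qop, body=sent, **base)
        results[qop] = {
            "original_body_ok": verify(claimed, qop=qop, body=sent, **base),
            "altered_body_ok": verify(claimed, qop=qop, body=altered, **base),
        }
    return results


if __name__ == "__main__":
    print(demo())
```
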
