Skip to main content

Telechat Review of draft-ietf-sipcore-digest-scheme-10
review-ietf-sipcore-digest-scheme-10-genart-telechat-even-2019-10-22-00

Request Review of draft-ietf-sipcore-digest-scheme
Requested revision No specific revision (document currently at 15)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2019-10-29
Requested 2019-10-14
Authors Rifaat Shekh-Yusef
I-D last updated 2019-10-22
Completed reviews Secdir Last Call review of -08 by David Mandelberg (diff)
Genart Telechat review of -10 by Roni Even (diff)
Opsdir Telechat review of -10 by Al Morton (diff)
Assignment Reviewer Roni Even
State Completed
Request Telechat review on draft-ietf-sipcore-digest-scheme by General Area Review Team (Gen-ART) Assigned
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/oC0ciY0ekkuXwy5kkwpJZQztcOs
Reviewed revision 10 (document currently at 15)
Result Almost ready
Completed 2019-10-22
review-ietf-sipcore-digest-scheme-10-genart-telechat-even-2019-10-22-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-sipcore-digest-scheme-??
Reviewer: Roni Even
Review Date: 2019-10-22
IETF LC End Date: None
IESG Telechat date: 2019-10-31

Summary:
The document is almost ready for publication as a standard track RFC

Major issues:

Minor issues:

1. In section 2.4 " If the UAC cannot respond to any of the challenges in the
response, then it SHOULD abandon attempts to send the request, e.g. if the UAC
   does not have credentials or has stale credentials for any of the realms,
   unless a local policy dictates otherwise." Yet RFC3261 section 22.2 " If no
   credentials for a realm can be located, UACs MAY attempt to retry the
   request with a username of "anonymous" and no password (a  password of "").
   Is this deprecated ?

2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it

3. it may be good to have a backward compatibility section.

Nits/editorial comments: