RADIUS Extension for Digest Authentication
RFC 4590
Document Type RFC - Proposed Standard (July 2006; Errata)
Obsoleted by RFC 5090
Last updated 2013-03-02
Stream IETF
Formats plain text pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4590 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD David Kessens
Send notices to dnelson@enterasys.com, aboba@internaut.com, bernard_aboba@hotmail.com
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                         B. Sterman
Request for Comments: 4590                               Kayote Networks
Category: Standards Track                                  D. Sadolevsky
                                                          SecureOL, Inc.
                                                             D. Schwartz
                                                         Kayote Networks
                                                             D. Williams
                                                           Cisco Systems
                                                                 W. Beck
                                                     Deutsche Telekom AG
                                                               July 2006

               RADIUS Extension for Digest Authentication

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines an extension to the Remote Authentication
   Dial-In User Service (RADIUS) protocol to enable support of Digest
   Authentication, for use with HTTP-style protocols like the Session
   Initiation Protocol (SIP) and HTTP.

Table of Contents

1. Introduction ....................................................2
   1.1. Terminology ................................................2
   1.2. Motivation .................................................3
   1.3. Overview ...................................................4
2. Detailed Description ............................................6
   2.1. RADIUS Client Behavior .....................................6
        2.1.1. Credential Selection ................................6
        2.1.2. Constructing an Access-Request ......................6
        2.1.3. Constructing an Authentication-Info Header ..........7
        2.1.4. Failed Authentication ...............................8
        2.1.5. Obtaining Nonces ....................................9
   2.2. RADIUS Server Behavior .....................................9

Sterman, et al.             Standards Track                     [Page 1]
RFC 4590              RADIUS Digest Authentication             July 2006

        2.2.1. General Attribute Checks ............................9
        2.2.2. Authentication .....................................10
        2.2.3. Constructing the Reply .............................11
3. New RADIUS Attributes ..........................................12
   3.1. Digest-Response attribute .................................12
   3.2. Digest-Realm Attribute ....................................13
   3.3. Digest-Nonce Attribute ....................................13
   3.4. Digest-Response-Auth Attribute ............................14
   3.5. Digest-Nextnonce Attribute ................................14
   3.6. Digest-Method Attribute ...................................14
   3.7. Digest-URI Attribute ......................................15
   3.8. Digest-Qop Attribute ......................................15
   3.9. Digest-Algorithm Attribute ................................16
   3.10. Digest-Entity-Body-Hash Attribute ........................16
   3.11. Digest-CNonce Attribute ..................................17
   3.12. Digest-Nonce-Count Attribute .............................17
   3.13. Digest-Username Attribute ................................17
   3.14. Digest-Opaque Attribute ..................................18
   3.15. Digest-Auth-Param Attribute ..............................18
   3.16. Digest-AKA-Auts Attribute ................................19
   3.17. Digest-Domain Attribute ..................................19
   3.18. Digest-Stale Attribute ...................................20
   3.19. Digest-HA1 Attribute .....................................20
   3.20. SIP-AOR Attribute ........................................21
4. Diameter Compatibility .........................................21
5. Table of Attributes ............................................22
6. Examples .......................................................23
7. IANA Considerations ............................................27
8. Security Considerations ........................................27
   8.1. Denial of Service .........................................28
   8.2. Confidentiality and Data Integrity ........................28
9. Acknowledgements ...............................................29
10. References ....................................................29
   10.1. Normative References .....................................29
   10.2. Informative References ...................................30
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools