RFC Errata
RFC 4740, "Diameter Session Initiation Protocol (SIP) Application", November 2006
Source of RFC: aaa (ops)
Errata ID: 2315
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Alexandre Westfahl
Date Reported: 2010-06-28
Rejected by: Dan Romascanu
Date Rejected: 2011-08-03
Section 9.5.4 says:
SIP-Authorization ::= < AVP Header: 380 >
                      { Digest-Username }
                      { Digest-Realm }
                      { Digest-Nonce }
                      { Digest-URI }
                      { Digest-Response }
                      [ Digest-Algorithm ]
                      [ Digest-CNonce ]
                      [ Digest-Opaque ]
                      [ Digest-QoP ]
                      [ Digest-Nonce-Count ]
                      [ Digest-Method]
                      [ Digest-Entity-Body-Hash ]
                    * [ Digest-Auth-Param ]
                    * [ AVP ]
It should say:
SIP-Authorization ::= < AVP Header: 380 >
                  *** [ Digest-Username ]
                  *** [ Digest-Realm ]
                  *** [ Digest-Nonce ]
                      { Digest-URI }
                  *** [ Digest-Response ]
                      [ Digest-Algorithm ]
                      [ Digest-CNonce ]
                      [ Digest-Opaque ]
                      [ Digest-QoP ]
                      [ Digest-Nonce-Count ]
                      [ Digest-Method]
                      [ Digest-Entity-Body-Hash ]
                    * [ Digest-Auth-Param ]
                    * [ AVP ]
Notes:
According to RFC 5090, which defines Digest Authentication, we only have Digest-Method and Digest-URI during the first round trip.
As it is possible to add a Digest-Realm and Digest-Username, it is impossible to add a Digest-Nonce in the first round trip! The nonce is calculated in the Diameter server, so the RADIUS/Diameter gateway can't add a nonce when the first request arrives. This problem is not limited to the RADIUS/Diameter gateway; a Diameter peer can't add a nonce during the first MAR/MAA.
Maybe I was not clear enough in my explanation; since I am implementing Diameter-SIP now, I am sure there is a problem. I am available if you need more details or explanation.
--VERIFIER NOTES--
The errata is wrong.
The SIP-Authorization AVP carries the content of the Authorization header provided by the user in the SIP request.
As you can see below, the content of the
credentials = "Digest" digest-response
digest-response = 1#( username | realm | nonce | digest-uri
| response | [ algorithm ] | [cnonce] |
[opaque] | [message-qop] |
[nonce-count] | [auth-param] )
And username, realm, nonce, digest-uri, response are mandatory parameters in this header.
So the syntax is correct.
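
The relationship the verifier notes describe, as an added example that is not part of the erratum or of RFC 4740: a Python sketch that parses Digest credentials from a SIP Authorization header, maps each parameter to the sub-AVP name from the Section 9.5.4 grammar, and reports which of the five { } sub-AVPs are absent. The header parameter names (uri, qop, nc) follow the HTTP Digest header syntax; the sample header and the name=value form used for Digest-Auth-Param are constructed for illustration.

```python
import re

# Authorization header parameter -> sub-AVP name from the Section 9.5.4 grammar.
PARAM_TO_AVP = {
    "username": "Digest-Username", "realm": "Digest-Realm",
    "nonce": "Digest-Nonce", "uri": "Digest-URI",
    "response": "Digest-Response", "algorithm": "Digest-Algorithm",
    "cnonce": "Digest-CNonce", "opaque": "Digest-Opaque",
    "qop": "Digest-QoP", "nc": "Digest-Nonce-Count",
}
# Sub-AVPs written with { } in the grammar must be present.
REQUIRED = ["Digest-Username", "Digest-Realm", "Digest-Nonce",
            "Digest-URI", "Digest-Response"]
# name=token or name="quoted string" (backslash escapes are kept as written).
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')
# Constructed sample header value, not taken from the RFC or the erratum.
SAMPLE = ('Digest username="alice", realm="example.com", nonce="abc123", '
          'uri="sip:bob@example.com", '
          'response="6629fae49393a05397450978507c4ef1", '
          'algorithm=MD5, qop=auth, nc=00000001, cnonce="0a4f113b"')

def parse_digest_credentials(header_value):
    """Return [(sub-AVP name, value), ...] for a Digest Authorization header."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not Digest credentials")
    avps, pos = [], 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed parameter at offset %d" % pos)
        name = m.group(1).lower()
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if name in PARAM_TO_AVP:
            avps.append((PARAM_TO_AVP[name], value))
        else:
            # Unknown parameters travel as Digest-Auth-Param (encoding assumed).
            avps.append(("Digest-Auth-Param", "%s=%s" % (name, value)))
        pos = m.end()
    return avps

def missing_required(avps):
    """List the { } sub-AVPs that the parsed credentials do not supply."""
    present = {name for name, _ in avps}
    return [name for name in REQUIRED if name not in present]
```

Digest-Method and Digest-Entity-Body-Hash do not appear here because they are not parameters of the Authorization header.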