SIP authenticating server protocol version 4 and above

Question

Hi,

first thanks for all the open documents provided. It's a great resource for us developer.

Unfortunately I have come to the limit of the documentation and missing some new feature explained.

In MS-SIPAE (Version 2.0, Dec 12, 08), the extension to the SIP concerning authentication, everything is covered until and including authentication protocol version 3 (chapter 3.2.4.1 Sending Messages to the SIP Server). There are some additions to the signature computation in version 4 and above which are not covered here. Is there a chance that this will be added in the near future? Or is there an other source that explains what is missing?

BR

Peter

Answer 1

Hi Peter,

I have alerted our Protocols Support team concerning your request on the [MS-SIPAE] specification. One of our team members will contact you soon.

Thanks,

Edgar

Answer 2

Hi Peter,

 

We have reviewed your request about [MS-SIPAE] signing procedure and have some clarification questions.

 

Could you clarify which additions to the signature computation procedure are not covered for the [MS-SIPAE] protocol version 4 and above?

 

The signature token is computed based on the authentication context (NTLM or Kerberos) used for the security association.  [MS-SIPAE] relies on GSSAPI to use the selected authentication protocol. For more information on NTLM, see [MS-NLMP]. For more information about Kerberos, see [RFC4120] and [MS-KILE].

 

As stated in [MS-SIPAE] “1.7 Versioning and Capability Negotiation”, the differences between versions are covered in the message processing sections where you will find processing details that are specific to authentication protocol version 3, 4 and above.  For instance:

3.2.4.1 Sending Messages to the SIP Server

3.2.5.1 Processing Challenges from the SIP Server

3.3.5.2 Processing Messages with Authentication Response from the SIP Client

 

Regards,

Edgar

 

Answer 3

Hi Edgar,

thanks very much for the fast reply.

Reading your mentioned paragraphs in [MS-SIPAE] again, I know understand, that the changes from authentication protocol version 3 to 4 only applies to the challange response from the SIP client, and are fully covered in chapter 3.2.5.1 (5h) and 3.3.5.2 (8).
From my first readings I had the impressions that the signature computation is also affected, but that was wrong.

So, there are no missing explanations in the document.

Maybe the protocol examples (chapter 4) could also cover version 4?

Thanks again very much.
Peter

Answer 4

Hi Peter,

Thanks for your feedback. We will review your suggestion and let you know what have been decided.
We appreciate your interest in Microsoft Open Specifications.

Regards,
Edgar

Answer 5

Peter,

In regards to the protocol version 4 examples, your issue has been submitted to the Office documentation team for evaluation and if an update to the documentation is decided upon, it will be added in a future release.

If there is something more we can assist you with, please do not hesitate to ask. We will do all we can to accommodate your request.

Dominic Salemno
Senior Support Escalation Engineer

Answer 6

It seems to be good solution http://voipsipsdk.com/Download.aspx