none
SIP authenticating server protocol version 4 and above RRS feed

  • Question

  • Hi,

    first thanks for all the open documents provided. It's a great resource for us developer.

    Unfortunately I have come to the limit of the documentation and missing some new feature explained.

    In MS-SIPAE (Version 2.0, Dec 12, 08), the extension to the SIP concerning authentication, everything is covered until and including authentication protocol version 3 (chapter 3.2.4.1 Sending Messages to the SIP Server). There are some additions to the signature computation in version 4 and above which are not covered here. Is there a chance that this will be added in the near future? Or is there an other source that explains what is missing?

    BR

    Peter

    Friday, January 30, 2009 2:17 PM

Answers

  • Hi Peter,

     

    We have reviewed your request about [MS-SIPAE] signing procedure and have some clarification questions.

     

    Could you clarify which additions to the signature computation procedure are not covered for the [MS-SIPAE] protocol version 4 and above?

     

    The signature token is computed based on the authentication context (NTLM or Kerberos) used for the security association.  [MS-SIPAE] relies on GSSAPI to use the selected authentication protocol. For more information on NTLM, see [MS-NLMP]. For more information about Kerberos, see [RFC4120] and [MS-KILE].

     

    As stated in [MS-SIPAE] “1.7 Versioning and Capability Negotiation”, the differences between versions are covered in the message processing sections where you will find processing details that are specific to authentication protocol version 3, 4 and above.  For instance:

    3.2.4.1 Sending Messages to the SIP Server

    3.2.5.1 Processing Challenges from the SIP Server

    3.3.5.2 Processing Messages with Authentication Response from the SIP Client

     

    Regards,

    Edgar

     

    • Marked as answer by phd_telesnap Tuesday, February 3, 2009 10:32 AM
    Tuesday, February 3, 2009 12:29 AM
    Moderator

All replies

  • Hi Peter,

    I have alerted our Protocols Support team concerning your request on the [MS-SIPAE] specification. One of our team members will contact you soon.

    Thanks,

    Edgar

    Friday, January 30, 2009 4:49 PM
    Moderator
  • Hi Peter,

     

    We have reviewed your request about [MS-SIPAE] signing procedure and have some clarification questions.

     

    Could you clarify which additions to the signature computation procedure are not covered for the [MS-SIPAE] protocol version 4 and above?

     

    The signature token is computed based on the authentication context (NTLM or Kerberos) used for the security association.  [MS-SIPAE] relies on GSSAPI to use the selected authentication protocol. For more information on NTLM, see [MS-NLMP]. For more information about Kerberos, see [RFC4120] and [MS-KILE].

     

    As stated in [MS-SIPAE] “1.7 Versioning and Capability Negotiation”, the differences between versions are covered in the message processing sections where you will find processing details that are specific to authentication protocol version 3, 4 and above.  For instance:

    3.2.4.1 Sending Messages to the SIP Server

    3.2.5.1 Processing Challenges from the SIP Server

    3.3.5.2 Processing Messages with Authentication Response from the SIP Client

     

    Regards,

    Edgar

     

    • Marked as answer by phd_telesnap Tuesday, February 3, 2009 10:32 AM
    Tuesday, February 3, 2009 12:29 AM
    Moderator
  • Hi Edgar,

    thanks very much for the fast reply.

    Reading your mentioned paragraphs in [MS-SIPAE] again, I know understand, that the changes from authentication protocol version 3 to 4 only applies to the challange response from the SIP client, and are fully covered in chapter 3.2.5.1 (5h) and 3.3.5.2 (8).
    From my first readings I had the impressions that the signature computation is also affected, but that was wrong.

    So, there are no missing explanations in the document.

    Maybe the protocol examples (chapter 4) could also cover version 4?

    Thanks again very much.
    Peter
    Tuesday, February 3, 2009 10:32 AM
  • Hi Peter,

    Thanks for your feedback. We will review your suggestion and let you know what have been decided.
    We appreciate your interest in Microsoft Open Specifications.

    Regards,
    Edgar
    Tuesday, February 3, 2009 10:30 PM
    Moderator
  • Peter,

    In regards to the protocol version 4 examples, your issue has been submitted to the Office documentation team for evaluation and if an update to the documentation is decided upon, it will be added in a future release.

    If there is something more we can assist you with, please do not hesitate to ask. We will do all we can to accommodate your request.

    Dominic Salemno
    Senior Support Escalation Engineer

    Thursday, February 12, 2009 6:54 PM