draft-ietf-radext-rfc4590bis-02.txt   rfc5090.txt 
Network Working Group B. Sterman Network Working Group B. Sterman
INTERNET-DRAFT Kayote Networks Request for Comments: 5090 Kayote Networks
Obsoletes: 4590 D. Sadolevsky Obsoletes: 4590 D. Sadolevsky
Category: Standards Track SecureOL, Inc. Category: Standards Track SecureOL, Inc.
<draft-ietf-radext-rfc4590bis-02.txt> D. Schwartz D. Schwartz
2 July 2007 Kayote Networks Kayote Networks
D. Williams D. Williams
Cisco Systems Cisco Systems
W. Beck W. Beck
Deutsche Telekom AG Deutsche Telekom AG
February 2008
RADIUS Extension for Digest Authentication RADIUS Extension for Digest Authentication
By submitting this Internet-Draft, each author represents that any Status of This Memo
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 17, 2007.
Copyright Notice
Copyright (C) The IETF Trust (2007). All Rights Reserved. This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract Abstract
This document defines an extension to the Remote Authentication Dial- This document defines an extension to the Remote Authentication
In User Service (RADIUS) protocol to enable support of Digest Dial-In User Service (RADIUS) protocol to enable support of Digest
Authentication, for use with HTTP-style protocols like the Session Authentication, for use with HTTP-style protocols like the Session
Initiation Protocol (SIP) and HTTP. Initiation Protocol (SIP) and HTTP.
Table of Contents Table of Contents
1. Introduction ....................................................3 1. Introduction ....................................................3
1.1. Terminology ................................................3 1.1. Motivation .................................................3
1.2. Motivation .................................................3 1.2. Terminology ................................................3
1.3. Overview ...................................................4 1.3. Overview ...................................................4
2. Detailed Description ............................................6 2. Detailed Description ............................................6
2.1. RADIUS Client Behavior .....................................6 2.1. RADIUS Client Behavior .....................................6
2.2. RADIUS Server Behavior .....................................9 2.2. RADIUS Server Behavior .....................................9
3. New RADIUS Attributes ..........................................12 3. New RADIUS Attributes ..........................................12
3.1. Digest-Response attribute .................................12 3.1. Digest-Response Attribute .................................12
3.2. Digest-Realm Attribute ....................................13 3.2. Digest-Realm Attribute ....................................13
3.3. Digest-Nonce Attribute ....................................13 3.3. Digest-Nonce Attribute ....................................13
3.4. Digest-Response-Auth Attribute ............................14 3.4. Digest-Response-Auth Attribute ............................14
3.5. Digest-Nextnonce Attribute ................................14 3.5. Digest-Nextnonce Attribute ................................14
3.6. Digest-Method Attribute ...................................15 3.6. Digest-Method Attribute ...................................15
3.7. Digest-URI Attribute ......................................15 3.7. Digest-URI Attribute ......................................15
3.8. Digest-Qop Attribute ......................................15 3.8. Digest-Qop Attribute ......................................15
3.9. Digest-Algorithm Attribute ................................16 3.9. Digest-Algorithm Attribute ................................16
3.10. Digest-Entity-Body-Hash Attribute ........................16 3.10. Digest-Entity-Body-Hash Attribute ........................16
3.11. Digest-CNonce Attribute ..................................17 3.11. Digest-CNonce Attribute ..................................17
skipping to change at page 2, line 38 skipping to change at page 2, line 38
3.14. Digest-Opaque Attribute ..................................18 3.14. Digest-Opaque Attribute ..................................18
3.15. Digest-Auth-Param Attribute ..............................18 3.15. Digest-Auth-Param Attribute ..............................18
3.16. Digest-AKA-Auts Attribute ................................19 3.16. Digest-AKA-Auts Attribute ................................19
3.17. Digest-Domain Attribute ..................................19 3.17. Digest-Domain Attribute ..................................19
3.18. Digest-Stale Attribute ...................................20 3.18. Digest-Stale Attribute ...................................20
3.19. Digest-HA1 Attribute .....................................20 3.19. Digest-HA1 Attribute .....................................20
3.20. SIP-AOR Attribute ........................................21 3.20. SIP-AOR Attribute ........................................21
4. Diameter Compatibility .........................................21 4. Diameter Compatibility .........................................21
5. Table of Attributes ............................................21 5. Table of Attributes ............................................21
6. Examples .......................................................23 6. Examples .......................................................23
7. IANA Considerations ............................................26 7. IANA Considerations ............................................27
8. Security Considerations ........................................27 8. Security Considerations ........................................28
8.1. Denial of Service .........................................27 8.1. Denial of Service .........................................28
8.2. Confidentiality and Data Integrity ........................28 8.2. Confidentiality and Data Integrity ........................28
9. References .....................................................29 9. References .....................................................29
9.1. Normative References ......................................29 9.1. Normative References ......................................29
9.2. Informative References ....................................29 9.2. Informative References ....................................30
Acknowledgements ..................................................30
Author's Addresses ................................................30
Appendix A - Changes from RFC 4590 ................................31 Appendix A - Changes from RFC 4590 ................................31
Full Copyright Statement ..........................................32 Acknowledgements ..................................................31
Intellectual Property .............................................32
1. Introduction 1. Introduction
1.1. Terminology 1.1. Motivation
The HTTP Digest Authentication mechanism, defined in [RFC2617], was
subsequently adapted for use with SIP [RFC3261]. Due to the
limitations and weaknesses of Digest Authentication (see [RFC2617],
Section 4), additional authentication and encryption mechanisms are
defined in SIP [RFC3261], including Transport Layer Security (TLS)
[RFC4346] and Secure MIME (S/MIME) [RFC3851]. However, Digest
Authentication support is mandatory in SIP implementations, and
Digest Authentication is the preferred way for a SIP UA to
authenticate itself to a proxy server. Digest Authentication is used
in other protocols as well.
To simplify the provisioning of users, there is a need to support
this authentication mechanism within Authentication, Authorization,
and Accounting (AAA) protocols such as RADIUS [RFC2865] and Diameter
[RFC3588].
This document defines an extension to the RADIUS protocol to enable
support of Digest Authentication for use with SIP, HTTP, and other
HTTP-style protocols using this authentication method. Support for
Digest mechanisms such as Authentication and Key Agreement (AKA)
[RFC3310] is also supported. A companion document [RFC4740] defines
support for Digest Authentication within Diameter.
1.2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
The use of normative requirement key words in this document shall The use of normative requirement key words in this document shall
apply only to RADIUS client and RADIUS server implementations that apply only to RADIUS client and RADIUS server implementations that
include the features described in this document. This document include the features described in this document. This document
creates no normative requirements for existing implementations. creates no normative requirements for existing implementations.
HTTP-style protocol HTTP-style protocol
The term 'HTTP-style' denotes any protocol that uses HTTP-like The term "HTTP-style" denotes any protocol that uses HTTP-like
headers and uses HTTP Digest Authentication as described in headers and uses HTTP Digest Authentication as described in
[RFC2617]. Examples are HTTP and the Session Initiation Protocol [RFC2617]. Examples are HTTP and the Session Initiation Protocol
(SIP). (SIP).
NAS Network Access Server, the RADIUS client. NAS (Network Access Server)
The RADIUS client.
nonce nonce
An unpredictable value used to prevent replay attacks. The nonce An unpredictable value used to prevent replay attacks. The nonce
generator may use cryptographic mechanisms to produce nonces it can generator may use cryptographic mechanisms to produce nonces it
recognize without maintaining state. can recognize without maintaining state.
protection space protection space
HTTP-style protocols differ in their definition of the protection HTTP-style protocols differ in their definition of the protection
space. For HTTP, it is defined as the combination of realm and space. For HTTP, it is defined as the combination of the realm
canonical root URL of the requested resource for which the use is and canonical root URL of the requested resource for which the use
authorized by the RADIUS server. In the case of SIP, the realm is authorized by the RADIUS server. In the case of SIP, the realm
string alone defines the protection space. string alone defines the protection space.
SIP UA SIP UA (SIP User Agent)
SIP User Agent, an Internet endpoint that uses the Session An Internet endpoint that uses the Session Initiation Protocol.
Initiation Protocol.
SIP UAS
SIP User Agent Server, a logical entity that generates a response
to a SIP (Session Initiation Protocol) request.
1.2. Motivation
The HTTP Digest Authentication mechanism, defined in [RFC2617], was
subsequently adapted for use with SIP [RFC3261]. Due to the
limitations and weaknesses of Digest Authentication (see [RFC2617],
section 4), additional authentication and encryption mechanisms are
defined in SIP [RFC3261], including Transport Layer Security (TLS)
[RFC4346] and Secure MIME (S/MIME) [RFC3851]. However, Digest
Authentication support is mandatory in SIP implementations, and
Digest Authentication is the preferred way for a SIP UA to
authenticate itself to a proxy server. Digest Authentication is used
in other protocols as well.
To simplify the provisioning of users, there is a need to support
this authentication mechanism within Authentication, Authorization,
and Accounting (AAA) protocols such as RADIUS [RFC2865] and Diameter
[RFC3588].
This document defines an extension to the RADIUS protocol to enable SIP UAS (SIP User Agent Server)
support of Digest Authentication for use with SIP, HTTP, and other A logical entity that generates a response to a SIP (Session
HTTP-style protocols using this authentication method. Support for Initiation Protocol) request.
Digest mechanisms such as Authentication and Key Agreement (AKA)
[RFC3310] is also supported. A companion document [RFC4740] defines
support for Digest Authentication within Diameter.
1.3. Overview 1.3. Overview
HTTP Digest is a challenge-response protocol used to authenticate a HTTP Digest is a challenge-response protocol used to authenticate a
client's request to access some resource on a server. Figure 1 shows client's request to access some resource on a server. Figure 1 shows
a single HTTP Digest transaction. a single HTTP Digest transaction.
HTTP/SIP.. HTTP/SIP..
+------------+ (1) +------------+ +------------+ (1) +------------+
| |--------->| | | |--------->| |
| HTTP-style | (2) | HTTP-style | | HTTP-style | (2) | HTTP-style |
| client |<---------| server | | client |<---------| server |
| | (3) | | | | (3) | |
| |--------->| | | |--------->| |
| | (4) | | | | (4) | |
| |<---------| | | |<---------| |
+------------+ +------------+ +------------+ +------------+
Figure 1: Digest operation without RADIUS Figure 1: Digest Operation without RADIUS
If the client sends a request without any credentials (1), the server If the client sends a request without any credentials (1), the server
will reply with an error response (2) containing a nonce. The client will reply with an error response (2) containing a nonce. The client
creates a cryptographic digest from parts of the request, from the creates a cryptographic digest from parts of the request, from the
nonce it received from the server, and from a shared secret. The nonce it received from the server, and from a shared secret. The
client re-transmits the request (3) to the server, but now includes client retransmits the request (3) to the server, but now includes
the digest within the packet. The server does the same digest the digest within the packet. The server does the same digest
calculation as the client and compares the result with the digest it calculation as the client and compares the result with the digest it
received in (3). If the digest values are identical, the server received in (3). If the digest values are identical, the server
grants access to the resource and sends a positive response to the grants access to the resource and sends a positive response to the
client (4). If the digest values differ, the server sends a negative client (4). If the digest values differ, the server sends a negative
response to the client (4). response to the client (4).
Instead of maintaining a local user database, the server could use Instead of maintaining a local user database, the server could use
RADIUS to access a centralized user database. However, RADIUS RADIUS to access a centralized user database. However, RADIUS
[RFC2865] does not include support for HTTP Digest Authentication. [RFC2865] does not include support for HTTP Digest Authentication.
The RADIUS client cannot use the User-Password attribute, since it The RADIUS client cannot use the User-Password Attribute, since it
does not receive a password from the HTTP-style client. The CHAP- does not receive a password from the HTTP-style client. The CHAP-
Challenge and CHAP-Password attributes described in [RFC1994] are Challenge and CHAP-Password attributes described in [RFC1994] are
also not suitable since the CHAP algorithm is not compatible with also not suitable since the Challenge Handshake Authentication
HTTP Digest. Protocol (CHAP) algorithm is not compatible with HTTP Digest.
This document defines new attributes that enable the RADIUS server to This document defines new attributes that enable the RADIUS server to
perform the digest calculation defined in [RFC2617], providing perform the digest calculation defined in [RFC2617], providing
support for Digest Authentication as a native authentication support for Digest Authentication as a native authentication
mechanism within RADIUS. mechanism within RADIUS.
The nonces required by the digest algorithm are generated by the The nonces required by the digest algorithm are generated by the
RADIUS server. Generating them in the RADIUS client would save a RADIUS server. Generating them in the RADIUS client would save a
round-trip, but introduce security and operational issues. Some round-trip, but introduce security and operational issues. Some
digest algorithms -- e.g., AKA [RFC3310] -- would not work. digest algorithms -- e.g., AKA [RFC3310] -- would not work.
skipping to change at page 6, line 14 skipping to change at page 6, line 15
A: HTTP client / SIP UA A: HTTP client / SIP UA
B: {HTTP server / HTTP proxy server / SIP proxy server / SIP UAS} B: {HTTP server / HTTP proxy server / SIP proxy server / SIP UAS}
acting also as a RADIUS NAS acting also as a RADIUS NAS
C: RADIUS server C: RADIUS server
The following messages are sent in this scenario: The following messages are sent in this scenario:
A sends B an HTTP/SIP request without an authorization header (step A sends B an HTTP/SIP request without an Authorization header (step
1). B sends an Access-Request packet with the newly defined Digest- 1). B sends an Access-Request packet with the newly defined Digest-
Method and Digest-URI attributes but without a Digest-Nonce attribute Method and Digest-URI attributes but without a Digest-Nonce Attribute
to the RADIUS server, C (step 2). C chooses a nonce and responds to the RADIUS server, C (step 2). C chooses a nonce and responds
with an Access-Challenge (step 3). This Access-Challenge contains with an Access-Challenge (step 3). This Access-Challenge contains
Digest attributes, from which B takes values to construct an HTTP/SIP Digest attributes, from which B takes values to construct an HTTP/SIP
"(Proxy) Authorization required" response. B sends this response to "(Proxy) Authorization required" response. B sends this response to
A (step 4). A resends its request with its credentials (step 5). B A (step 4). A resends its request with its credentials (step 5). B
sends an Access-Request to C (step 6). C checks the credentials and sends an Access-Request to C (step 6). C checks the credentials and
replies with Access-Accept or Access-Reject (step 7). Depending on replies with Access-Accept or Access-Reject (step 7). Depending on
C's result, B processes A's request or rejects it with a "(Proxy) C's result, B processes A's request or rejects it with a "(Proxy)
Authorization required" response (step 8). Authorization required" response (step 8).
skipping to change at page 6, line 41 skipping to change at page 6, line 42
The attributes described in this document are sent in cleartext. The attributes described in this document are sent in cleartext.
Therefore, were a RADIUS client to accept secure connections (HTTPS Therefore, were a RADIUS client to accept secure connections (HTTPS
or SIPS) from HTTP-style clients, this could result in information or SIPS) from HTTP-style clients, this could result in information
intentionally protected by HTTP-style clients being sent in the clear intentionally protected by HTTP-style clients being sent in the clear
during RADIUS exchange. during RADIUS exchange.
2.1.1. Credential Selection 2.1.1. Credential Selection
On reception of an HTTP-style request message, the RADIUS client On reception of an HTTP-style request message, the RADIUS client
checks whether it is authorized to authenticate the request. Where checks whether it is authorized to authenticate the request. Where
an HTTP-style request traverses several proxies and each of the an HTTP-style request traverses several proxies, and each of the
proxies requests to authenticate the HTTP-style client, the request proxies requests to authenticate the HTTP-style client, the request
at the HTTP-style server may contain multiple credential sets. at the HTTP-style server may contain multiple credential sets.
The RADIUS client can use the 'realm' directive in HTTP to determine The RADIUS client can use the realm directive in HTTP to determine
which credentials are applicable. Where none of the realms are of which credentials are applicable. Where none of the realms are of
interest, the RADIUS client MUST behave as though no relevant interest, the RADIUS client MUST behave as though no relevant
credentials were sent. In all situations, the RADIUS client MUST credentials were sent. In all situations, the RADIUS client MUST
send zero or exactly one credential to the RADIUS server. The RADIUS send zero or exactly one credential to the RADIUS server. The RADIUS
client MUST choose the credential of the (Proxy-)Authorization header client MUST choose the credential of the (Proxy-)Authorization header
if the realm directive matches its locally configured realm. if the realm directive matches its locally configured realm.
2.1.2. Constructing an Access-Request 2.1.2. Constructing an Access-Request
If a matching (Proxy-)Authorization header is present and contains If a matching (Proxy-)Authorization header is present and contains
HTTP Digest information, the RADIUS client checks the 'nonce' HTTP Digest information, the RADIUS client checks the nonce
parameter. parameter.
If the RADIUS client recognizes the nonce, it takes the header If the RADIUS client recognizes the nonce, it takes the header
directives and puts them into a RADIUS Access-Request packet. It directives and puts them into a RADIUS Access-Request packet. It
puts the 'response' directive into a Digest-Response attribute and puts the response directive into a Digest-Response Attribute and the
the realm, nonce, digest-uri, qop, algorithm, cnonce, nc, username, realm, nonce, digest-uri, qop, algorithm, cnonce, nc, username, and
and opaque directives into the respective Digest-Realm, Digest-Nonce, opaque directives into the respective Digest-Realm, Digest-Nonce,
Digest-URI, Digest-Qop, Digest-Algorithm, Digest-CNonce, Digest- Digest-URI, Digest-Qop, Digest-Algorithm, Digest-CNonce, Digest-
Nonce-Count, Digest-Username, and Digest-Opaque attributes. The Nonce-Count, Digest-Username, and Digest-Opaque attributes. The
RADIUS client puts the request method into the Digest-Method RADIUS client puts the request method into the Digest-Method
attribute. Attribute.
Due to syntactic requirements, HTTP-style protocols have to escape Due to HTTP syntactic requirements, quoted strings found in HTTP
with backslash all quote and backslash characters in contents of HTTP Digest directives may contain escaped quote and backslash characters.
Digest directives. When translating directives into RADIUS When translating these directives into RADIUS attributes, the RADIUS
attributes, the RADIUS client only removes the surrounding quotes client only removes the leading and trailing quote characters which
where present. See Section 3 for an example. surround the directive value, it does not unescape anything within
the string. See Section 3 for an example.
If the Quality of Protection (qop) directive's value is 'auth-int', If the Quality of Protection (qop) directive's value is 'auth-int',
the RADIUS client calculates H(entity-body) as described in the RADIUS client calculates H(entity-body) as described in
[RFC2617], Section 3.2.1, and puts the result in a Digest-Entity- [RFC2617], Section 3.2.1, and puts the result in a Digest-Entity-
Body-Hash attribute. Body-Hash Attribute.
The RADIUS client adds a Message-Authenticator attribute, defined in The RADIUS client adds a Message-Authenticator Attribute, defined in
[RFC3579], and sends the Access-Request packet to the RADIUS server. [RFC3579], and sends the Access-Request packet to the RADIUS server.
The RADIUS server processes the packet and responds with an Access- The RADIUS server processes the packet and responds with an Access-
Accept or an Access-Reject. Accept or an Access-Reject.
2.1.3. Constructing an Authentication-Info Header 2.1.3. Constructing an Authentication-Info Header
After having received an Access-Accept from the RADIUS server, the After having received an Access-Accept from the RADIUS server, the
RADIUS client constructs an Authentication-Info header: RADIUS client constructs an Authentication-Info header:
o If the Access-Accept packet contains a Digest-Response-Auth o If the Access-Accept packet contains a Digest-Response-Auth
attribute, the RADIUS client checks the Digest-Qop attribute: Attribute, the RADIUS client checks the Digest-Qop Attribute:
* If the Digest-Qop attribute's value is 'auth' or not specified, * If the Digest-Qop Attribute's value is 'auth' or not specified,
the RADIUS client puts the Digest-Response-Auth attribute's the RADIUS client puts the Digest-Response-Auth Attribute's
content into the Authentication-Info header's 'rspauth' content into the Authentication-Info header's rspauth directive
directive of the HTTP-style response. of the HTTP-style response.
* If the Digest-Qop attribute's value is 'auth-int', the RADIUS * If the Digest-Qop Attribute's value is 'auth-int', the RADIUS
client ignores the Access-Accept packet and behaves as if it client ignores the Access-Accept packet and behaves as if it
had received an Access-Reject packet (Digest-Response-Auth had received an Access-Reject packet (Digest-Response-Auth
can't be correct as the RADIUS server does not know the can't be correct as the RADIUS server does not know the
contents of the HTTP-style response's body). contents of the HTTP-style response's body).
o If the Access-Accept packet contains a Digest-HA1 attribute, the o If the Access-Accept packet contains a Digest-HA1 Attribute, the
RADIUS client checks the 'qop' and 'algorithm' directives in the RADIUS client checks the qop and algorithm directives in the
Authorization header of the HTTP-style request it wants to Authorization header of the HTTP-style request it wants to
authorize: authorize:
* If the 'qop' directive is missing or its value is 'auth', the * If the qop directive is missing or its value is 'auth', the
RADIUS client ignores the Digest-HA1 attribute. It does not RADIUS client ignores the Digest-HA1 Attribute. It does not
include an Authentication-Info header in its HTTP-style include an Authentication-Info header in its HTTP-style
response. response.
* If the 'qop' directive's value is 'auth-int' and at least one * If the qop directive's value is 'auth-int' and at least one of
of the following conditions is true, the RADIUS client the following conditions is true, the RADIUS client calculates
calculates the contents of the HTTP-style response's 'rspauth' the contents of the HTTP-style response's rspauth directive:
directive:
+ The algorithm directive's value is 'MD5-sess' or + The algorithm directive's value is 'MD5-sess' or 'AKAv1-
'AKAv1-MD5-sess'. MD5-sess'.
+ IP Security (IPsec) is configured to protect traffic between + IP Security (IPsec) is configured to protect traffic between
the RADIUS client and RADIUS server with IPsec (see the RADIUS client and RADIUS server with IPsec (see Section
Section 8). 8).
It creates the HTTP-style response message and calculates the The RADIUS client creates the HTTP-style response message and
hash of this message's body. It uses the result and the calculates the hash of this message's body. It uses the result
Digest-URI attribute's value of the corresponding and the Digest-URI Attribute's value of the corresponding
Access-Request packet to perform the H(A2) calculation. It Access-Request packet to perform the H(A2) calculation. It
takes the Digest-Nonce, Digest-Nonce-Count, Digest-CNonce, and takes the Digest-Nonce, Digest-Nonce-Count, Digest-CNonce, and
Digest-Qop values of the corresponding Access-Request and the Digest-Qop values of the corresponding Access-Request and the
Digest-HA1 attribute's value to finish the computation of the Digest-HA1 Attribute's value to finish the computation of the
'rspauth' value. rspauth value.
o If the Access-Accept packet contains neither a o If the Access-Accept packet contains neither a Digest-Response-
Digest-Response-Auth nor a Digest-HA1 attribute, the RADIUS client Auth nor a Digest-HA1 Attribute, the RADIUS client will not create
will not create an Authentication-Info header for its HTTP-style an Authentication-Info header for its HTTP-style response.
response.
When the RADIUS server provides a Digest-Nextnonce attribute in the When the RADIUS server provides a Digest-Nextnonce Attribute in the
Access-Accept packet, the RADIUS client puts the contents of this Access-Accept packet, the RADIUS client puts the contents of this
attribute into a 'nextnonce' directive. Now it can send an HTTP- attribute into a nextnonce directive. Now it can send an HTTP-style
style response. response.
2.1.4. Failed Authentication 2.1.4. Failed Authentication
If the RADIUS client did receive an HTTP-style request without a If the RADIUS client did receive an HTTP-style request without a
(Proxy-)Authorization header matching its locally configured realm (Proxy-)Authorization header matching its locally configured realm
value, it obtains a new nonce and sends an error response (401 or value, it obtains a new nonce and sends an error response (401 or
407) containing a (Proxy-)Authenticate header. 407) containing a (Proxy-)Authenticate header.
If the RADIUS client receives an Access-Challenge packet in response If the RADIUS client receives an Access-Challenge packet in response
to an Access-Request containing a Digest-Nonce attribute, the RADIUS to an Access-Request containing a Digest-Nonce Attribute, the RADIUS
server did not accept the nonce. If a Digest-Stale attribute is server did not accept the nonce. If a Digest-Stale Attribute is
present in the Access-Challenge and has a value of 'true' (without present in the Access-Challenge and has a value of 'true' (without
surrounding quotes), the RADIUS client sends an error response (401 surrounding quotes), the RADIUS client sends an error response (401
or 407) containing a WWW-/Proxy-Authenticate header with the or 407) containing a WWW-/Proxy-Authenticate header with the stale
directive 'stale' and the digest directives derived from the Digest-* directive set to 'true' and the digest directives derived from the
attributes. Digest-* attributes.
If the RADIUS client receives an Access-Reject from the RADIUS If the RADIUS client receives an Access-Reject from the RADIUS
server, it sends an error response to the HTTP-style request it has server, it sends an error response to the HTTP-style request it has
received. If the RADIUS client does not receive a response, it received. If the RADIUS client does not receive a response, it
retransmits or fails over to another RADIUS server as described in retransmits or fails over to another RADIUS server as described in
[RFC2865]. [RFC2865].
2.1.5. Obtaining Nonces 2.1.5. Obtaining Nonces
The RADIUS client has two ways to obtain nonces: it has received one The RADIUS client has two ways to obtain nonces: it has received one
in a Digest-Nextnonce attribute of a previously received Access- in a Digest-Nextnonce Attribute of a previously received Access-
Accept packet or it asks the RADIUS server for one. To do the Accept packet, or it asks the RADIUS server for one. To do the
latter, it sends an Access-Request containing a Digest-Method and a latter, it sends an Access-Request containing a Digest-Method and a
Digest-URI attribute but without a Digest-Nonce attribute. It adds a Digest-URI Attribute, but without a Digest-Nonce Attribute. It adds
Message-Authenticator (see [RFC3579]) attribute to the Access-Request a Message-Authenticator (see [RFC3579]) Attribute to the Access-
packet. The RADIUS server chooses a nonce and responds with an Request packet. The RADIUS server chooses a nonce and responds with
Access-Challenge containing a Digest-Nonce attribute. an Access-Challenge containing a Digest-Nonce Attribute.
The RADIUS client constructs a (Proxy-)Authenticate header using the The RADIUS client constructs a (Proxy-)Authenticate header using the
received Digest-Nonce and Digest-Realm attributes to fill the nonce received Digest-Nonce and Digest-Realm attributes to fill the nonce
and realm directives. The RADIUS server can send Digest-Qop, Digest- and realm directives. The RADIUS server can send Digest-Qop,
Algorithm, Digest-Domain, and Digest-Opaque attributes in the Access- Digest-Algorithm, Digest-Domain, and Digest-Opaque attributes in the
Challenge carrying the nonce. If these attributes are present, the Access-Challenge carrying the nonce. If these attributes are
client MUST use them. present, the client MUST use them.
2.2. RADIUS Server Behavior 2.2. RADIUS Server Behavior
If the RADIUS server receives an Access-Request packet with a Digest- If the RADIUS server receives an Access-Request packet with a
Method and a Digest-URI attribute but without a Digest-Nonce Digest-Method and a Digest-URI Attribute but without a Digest-Nonce
attribute, it chooses a nonce. It puts the nonce into a Digest-Nonce Attribute, it chooses a nonce. It puts the nonce into a Digest-Nonce
attribute and sends it in an Access-Challenge packet to the RADIUS Attribute and sends it in an Access-Challenge packet to the RADIUS
client. The RADIUS server MUST add Digest-Realm, Message- client. The RADIUS server MUST add Digest-Realm, Message-
Authenticator (see [RFC3579]), SHOULD add Digest-Algorithm and one or Authenticator (see [RFC3579]), SHOULD add Digest-Algorithm and one or
more Digest-Qop, and MAY add Digest-Domain or Digest-Opaque more Digest-Qop, and MAY add Digest-Domain or Digest-Opaque
attributes to the Access-Challenge packet. attributes to the Access-Challenge packet.
2.2.1. General Attribute Checks 2.2.1. General Attribute Checks
If the RADIUS server receives an Access-Request packet containing a If the RADIUS server receives an Access-Request packet containing a
Digest-Response attribute, it looks for the following attributes: Digest-Response Attribute, it looks for the following attributes:
Digest-Realm, Digest-Nonce, Digest-Method, Digest-URI, Digest-Qop, Digest-Realm, Digest-Nonce, Digest-Method, Digest-URI, Digest-Qop,
Digest-Algorithm, and Digest-Username. Depending on the content of Digest-Algorithm, and Digest-Username. Depending on the content of
Digest-Algorithm and Digest-Qop, it looks for Digest-Entity-Body- Digest-Algorithm and Digest-Qop, it looks for Digest-Entity-Body-
Hash, Digest-CNonce, and Digest-AKA-Auts, too. See [RFC2617] and Hash, Digest-CNonce, and Digest-AKA-Auts, too. See [RFC2617] and
[RFC3310] for details. If the Digest-Algorithm attribute is missing, [RFC3310] for details. If the Digest-Algorithm Attribute is missing,
'MD5' is assumed. If the RADIUS server has issued a Digest-Opaque 'MD5' is assumed. If the RADIUS server has issued a Digest-Opaque
attribute along with the nonce, the Access-Request MUST have a Attribute along with the nonce, the Access-Request MUST have a
matching Digest-Opaque attribute. matching Digest-Opaque Attribute.
If mandatory attributes are missing, it MUST respond with an Access- If mandatory attributes are missing, it MUST respond with an Access-
Reject packet. Reject packet.
The RADIUS server removes '\' characters that escape quote and '\' The RADIUS server removes '\' characters that escape quote and '\'
characters from the text values it has received in the Digest-* characters from the text values it has received in the Digest-*
attributes. attributes.
If the mandatory attributes are present, the RADIUS server MUST check If the mandatory attributes are present, the RADIUS server MUST check
if the RADIUS client is authorized to serve users of the realm if the RADIUS client is authorized to serve users of the realm
mentioned in the Digest-Realm attribute. If the RADIUS client is not mentioned in the Digest-Realm Attribute. If the RADIUS client is not
authorized, the RADIUS server MUST send an Access-Reject. The RADIUS authorized, the RADIUS server MUST send an Access-Reject. The RADIUS
server SHOULD log the event so as to notify the operator, and MAY server SHOULD log the event so as to notify the operator, and MAY
take additional action such as sending an Access-Reject in response take additional action such as sending an Access-Reject in response
to all future requests from this client, until this behavior is reset to all future requests from this client, until this behavior is reset
by management action. by management action.
The RADIUS server determines the age of the nonce in Digest-Nonce by The RADIUS server determines the age of the nonce in the Digest-Nonce
using an embedded time-stamp or by looking it up in a local table. by using an embedded timestamp or by looking it up in a local table.
The RADIUS server MUST check the integrity of the nonce if it embeds The RADIUS server MUST check the integrity of the nonce if it embeds
the time-stamp in the nonce. Section 2.2.2 describes how the server the timestamp in the nonce. Section 2.2.2 describes how the server
handles old nonces. handles old nonces.
2.2.2. Authentication 2.2.2. Authentication
If the Access-Request message has passed the checks described above, If the Access-Request message passes the checks described above, the
the RADIUS server calculates the digest response as described in RADIUS server calculates the digest response as described in
[RFC2617]. To look up the password, the RADIUS server uses the [RFC2617]. To look up the password, the RADIUS server uses the
RADIUS User-Name attribute. The RADIUS server MUST check if the user RADIUS User-Name Attribute. The RADIUS server MUST check if the user
identified by the User-Name attribute: identified by the User-Name Attribute:
o is authorized to access the protection space and o is authorized to access the protection space and
o is authorized to use the URI included in the SIP-AOR attribute, if o is authorized to use the URI included in the SIP-AOR Attribute, if
this attribute is present. this attribute is present.
If any of those checks fails, the RADIUS server MUST send an Access- If any of those checks fails, the RADIUS server MUST send an Access-
Reject. Reject.
Correlation between User-Name and SIP-AOR AVP values is required just Correlation between User-Name and SIP-AOR AVP values is required just
to avoid that any user can register or misuse a SIP-AOR allocated to to avoid any user from registering or misusing a SIP-AOR that has
a different user. been allocated to a different user.
All values required for the digest calculation are taken from the All values required for the digest calculation are taken from the
Digest attributes described in this document. If the calculated Digest attributes described in this document. If the calculated
digest response equals the value received in the Digest-Response digest response equals the value received in the Digest-Response
attribute, the authentication was successful. Attribute, the authentication was successful.
If the response values match, but the RADIUS server considers the If the response values match, but the RADIUS server considers the
nonce in the Digest-Nonce attribute as too old, it sends an Access- nonce in the Digest-Nonce Attribute too old, it sends an Access-
Challenge packet containing a new nonce and a Digest-Stale attribute Challenge packet containing a new nonce and a Digest-Stale Attribute
with a value of 'true' (without surrounding quotes). with a value of 'true' (without surrounding quotes).
If the response values don't match, the RADIUS server responds with If the response values don't match, the RADIUS server responds with
an Access-Reject. an Access-Reject.
2.2.3. Constructing the Reply 2.2.3. Constructing the Reply
If the authentication was successful, the RADIUS server adds an If the authentication was successful, the RADIUS server adds an
attribute to the Access-Accept packet that can be used by the RADIUS attribute to the Access-Accept packet that can be used by the RADIUS
client to construct an Authentication-Info header: client to construct an Authentication-Info header:
o If the Digest-Qop attribute's value is 'auth' or unspecified, the o If the Digest-Qop Attribute's value is 'auth' or unspecified, the
RADIUS server SHOULD put a Digest-Response-Auth attribute into the RADIUS server SHOULD put a Digest-Response-Auth Attribute into the
Access-Accept packet. Access-Accept packet.
o If the Digest-Qop attribute's value is 'auth-int' and at least one o If the Digest-Qop Attribute's value is 'auth-int' and at least one
of the following conditions is true, the RADIUS server SHOULD put of the following conditions is true, the RADIUS server SHOULD put
a Digest-HA1 attribute into the Access-Accept packet: a Digest-HA1 Attribute into the Access-Accept packet:
* The Digest-Algorithm attribute's value is 'MD5-sess' or * The Digest-Algorithm Attribute's value is 'MD5-sess' or
'AKAv1-MD5-sess'. 'AKAv1-MD5-sess'.
* IPsec is configured to protect traffic between the RADIUS * IPsec is configured to protect traffic between the RADIUS
client and RADIUS server with IPsec (see Section 8). client and RADIUS server with IPsec (see Section 8).
In all other cases, Digest-Response-Auth or Digest-HA1 MUST NOT be In all other cases, Digest-Response-Auth or Digest-HA1 MUST NOT be
sent. sent.
RADIUS servers MAY construct a Digest-Nextnonce attribute and add it RADIUS servers MAY construct a Digest-Nextnonce Attribute and add it
to the Access-Accept packet. This is useful to limit the lifetime of to the Access-Accept packet. This is useful to limit the lifetime of
a nonce and to save a round-trip in future requests (see nextnonce a nonce and to save a round-trip in future requests (see nextnonce
discussion in [RFC2617], section 3.2.3). The RADIUS server adds a discussion in [RFC2617], Section 3.2.3). The RADIUS server adds a
Message-Authenticator attribute (see [RFC3579]) and sends the Access- Message-Authenticator Attribute (see [RFC3579]) and sends the
Accept packet to the RADIUS client. Access-Accept packet to the RADIUS client.
If the RADIUS server does not accept the nonce received in an Access- If the RADIUS server does not accept the nonce received in an
Request packet but authentication was successful, the RADIUS server Access-Request packet but authentication was successful, the RADIUS
MUST send an Access-Challenge packet containing a Digest-Stale server MUST send an Access-Challenge packet containing a Digest-Stale
attribute set to 'true' (without surrounding quotes). The RADIUS Attribute set to 'true' (without surrounding quotes). The RADIUS
server MUST add Message-Authenticator (see [RFC3579]), Digest-Nonce, server MUST add Message-Authenticator (see [RFC3579]), Digest-Nonce,
Digest-Realm, SHOULD add Digest-Algorithm and one or more Digest-Qop Digest-Realm, SHOULD add Digest-Algorithm and one or more Digest-
and MAY add Digest-Domain, Digest-Opaque attributes to the Access- Qops, and MAY add Digest-Domain or Digest-Opaque attributes to the
Challenge packet. Access-Challenge packet.
3. New RADIUS Attributes 3. New RADIUS Attributes
If not stated otherwise, the attributes have the following format: If not stated otherwise, the attributes have the following format:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Text ... | Type | Length | Text ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 12, line 41 skipping to change at page 12, line 41
are redundant in RADIUS. For example, the directive are redundant in RADIUS. For example, the directive
realm="the \"example\" value" realm="the \"example\" value"
is represented as follows: is represented as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Digest-Realm | 23 | the \"example\" value | | Digest-Realm | 23 | the \"example\" value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.1. Digest-Response attribute 3.1. Digest-Response Attribute
Description Description
If this attribute is present in an Access-Request message, a If this attribute is present in an Access-Request message, a
RADIUS server implementing this specification MUST treat the RADIUS server implementing this specification MUST treat the
Access-Request as a request for Digest Authentication. When a Access-Request as a request for Digest Authentication. When a
RADIUS client receives a (Proxy-)Authorization header, it puts RADIUS client receives a (Proxy-)Authorization header, it puts
the request-digest value into a Digest-Response attribute. the request-digest value into a Digest-Response Attribute.
This attribute (which enables the user to prove possession of This attribute (which enables the user to prove possession of
the password) MUST only be used in Access-Request packets. the password) MUST only be used in Access-Request packets.
Type Type
103 for Digest-Response. 103 for Digest-Response.
Length Length
>= 3 >= 3
Text Text
When using HTTP Digest, the text field is 32 octets long and When using HTTP Digest, the text field is 32 octets long and
contains a hexadecimal representation of a 16-octet digest contains a hexadecimal representation of a 16-octet digest
value as it was calculated by the authenticated client. Other value as it was calculated by the authenticated client. Other
digest algorithms MAY define different digest lengths. The digest algorithms MAY define different digest lengths. The
text field MUST be copied from request-digest of text field MUST be copied from request-digest of digest-
digest-response ([RFC2617]) without surrounding quotes. response [RFC2617] without surrounding quotes.
3.2. Digest-Realm Attribute 3.2. Digest-Realm Attribute
Description Description
This attribute describes a protection space component of the This attribute describes a protection space component of the
RADIUS server. HTTP-style protocols differ in their definition RADIUS server. HTTP-style protocols differ in their definition
of the protection space. See [RFC2617], Section 1.2, for of the protection space. See [RFC2617], Section 1.2, for
details. It MUST only be used in Access-Request, details. It MUST only be used in Access-Request, Access-
Access-Challenge, and Accounting-Request packets. Challenge, and Accounting-Request packets.
Type Type
104 for Digest-Realm 104 for Digest-Realm
Length Length
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
realm directive (realm-value according to [RFC2617]) without realm directive (realm-value according to [RFC2617]) without
surrounding quotes from the HTTP-style request it wants to surrounding quotes from the HTTP-style request it wants to
authenticate. In Access-Challenge packets, the RADIUS server authenticate. In Access-Challenge packets, the RADIUS server
puts the expected realm value into this attribute. puts the expected realm value into this attribute.
skipping to change at page 13, line 37 skipping to change at page 13, line 39
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
realm directive (realm-value according to [RFC2617]) without realm directive (realm-value according to [RFC2617]) without
surrounding quotes from the HTTP-style request it wants to surrounding quotes from the HTTP-style request it wants to
authenticate. In Access-Challenge packets, the RADIUS server authenticate. In Access-Challenge packets, the RADIUS server
puts the expected realm value into this attribute. puts the expected realm value into this attribute.
3.3. Digest-Nonce Attribute 3.3. Digest-Nonce Attribute
Description Description
This attribute holds a nonce to be used in the HTTP Digest This attribute holds a nonce to be used in the HTTP Digest
calculation. If the Access-Request had a Digest-Method and a calculation. If the Access-Request had a Digest-Method and a
Digest-URI but no Digest-Nonce attribute, the RADIUS server Digest-URI but no Digest-Nonce Attribute, the RADIUS server
MUST put a Digest-Nonce attribute into its Access-Challenge MUST put a Digest-Nonce Attribute into its Access-Challenge
packet. This attribute MUST only be used in Access-Request packet. This attribute MUST only be used in Access-Request and
and Access-Challenge packets. Access-Challenge packets.
Type Type
105 for Digest-Nonce 105 for Digest-Nonce
Length Length
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
nonce directive (nonce-value in [RFC2617]) without surrounding nonce directive (nonce-value in [RFC2617]) without surrounding
quotes from the HTTP-style request it wants to authenticate. quotes from the HTTP-style request it wants to authenticate.
In Access-Challenge packets, the attribute contains the nonce In Access-Challenge packets, the attribute contains the nonce
selected by the RADIUS server. selected by the RADIUS server.
3.4. Digest-Response-Auth Attribute 3.4. Digest-Response-Auth Attribute
Description Description
This attribute enables the RADIUS server to prove possession of This attribute enables the RADIUS server to prove possession of
the password. If the previously received Digest-Qop attribute the password. If the previously received Digest-Qop Attribute
was 'auth-int' (without surrounding quotes), the RADIUS server was 'auth-int' (without surrounding quotes), the RADIUS server
MUST send a Digest-HA1 attribute instead of a MUST send a Digest-HA1 Attribute instead of a Digest-Response-
Digest-Response-Auth attribute. The Digest-Response-Auth Auth Attribute. The Digest-Response-Auth Attribute MUST only
attribute MUST only be used in Access-Accept packets. The be used in Access-Accept packets. The RADIUS client puts the
RADIUS client puts the attribute value without surrounding attribute value without surrounding quotes into the rspauth
quotes into the rspauth directive of the Authentication-Info directive of the Authentication-Info header.
header.
Type Type
106 for Digest-Response-Auth. 106 for Digest-Response-Auth.
Length Length
>= 3 >= 3
Text Text
The RADIUS server calculates a digest according to section The RADIUS server calculates a digest according to Section
3.2.3 of [RFC2617] and copies the result into this attribute. 3.2.3 of [RFC2617] and copies the result into this attribute.
Digest algorithms other than the one defined in [RFC2617] MAY Digest algorithms other than the one defined in [RFC2617] MAY
define digest lengths other than 32. define digest lengths other than 32.
3.5. Digest-Nextnonce Attribute 3.5. Digest-Nextnonce Attribute
This attribute holds a nonce to be used in the HTTP Digest This attribute holds a nonce to be used in the HTTP Digest
calculation. calculation.
Description Description
The RADIUS server MAY put a Digest-Nextnonce Attribute into an
The RADIUS server MAY put a Digest-Nextnonce attribute into an
Access-Accept packet. If this attribute is present, the RADIUS Access-Accept packet. If this attribute is present, the RADIUS
client MUST put the contents of this attribute into the client MUST put the contents of this attribute into the
nextnonce directive of an Authentication-Info header in its nextnonce directive of an Authentication-Info header in its
HTTP-style response. This attribute MUST only be used in HTTP-style response. This attribute MUST only be used in
Access-Accept packets. Access-Accept packets.
Type Type
107 for Digest-Nextnonce 107 for Digest-Nextnonce
Length Length
>=3 >=3
Text Text
skipping to change at page 15, line 24 skipping to change at page 15, line 24
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
request method from the HTTP-style request it wants to request method from the HTTP-style request it wants to
authenticate. authenticate.
3.7. Digest-URI Attribute 3.7. Digest-URI Attribute
Description Description
This attribute is used to transport the contents of the This attribute is used to transport the contents of the
digest-uri directive or the URI of the HTTP-style request. digest-uri directive or the URI of the HTTP-style request. It
It MUST only be used in Access-Request and MUST only be used in Access-Request and Accounting-Request
Accounting-Request packets. packets.
Type Type
109 for Digest-URI 109 for Digest-URI
Length Length
>=3 >=3
Text Text
If the HTTP-style request has an Authorization header, the If the HTTP-style request has an Authorization header, the
RADIUS client puts the value of the "uri" directive found in RADIUS client puts the value of the uri directive found in the
the HTTP-style request Authorization header (known as HTTP-style request Authorization header (known as "digest-uri-
"digest-uri-value" in section 3.2.2 of [RFC2617]) without value" in Section 3.2.2 of [RFC2617]) without surrounding
surrounding quotes into this attribute. If there is no quotes into this attribute. If there is no Authorization
Authorization header, the RADIUS client takes the value of header, the RADIUS client takes the value of the request URI
the request URI from the HTTP-style request it wants to from the HTTP-style request it wants to authenticate.
authenticate.
3.8. Digest-Qop Attribute 3.8. Digest-Qop Attribute
Description Description
This attribute holds the Quality of Protection parameter that This attribute holds the Quality of Protection parameter that
influences the HTTP Digest calculation. This attribute MUST influences the HTTP Digest calculation. This attribute MUST
only be used in Access-Request, Access-Challenge and only be used in Access-Request, Access-Challenge, and
Accounting-Request packets. A RADIUS client SHOULD insert Accounting-Request packets. A RADIUS client SHOULD insert one
one of the Digest-Qop attributes it has received in a previous of the Digest-Qop attributes it has received in a previous
Access-Challenge packet. RADIUS servers SHOULD insert at Access-Challenge packet. RADIUS servers SHOULD insert at least
least one Digest-Qop attribute in an Access-Challenge one Digest-Qop Attribute in an Access-Challenge packet.
packet. Digest-Qop is optional in order to preserve Digest-Qop is optional in order to preserve backward
backward compatibility with a minimal implementation compatibility with a minimal implementation of [RFC2069].
of [RFC2069].
Type Type
110 for Digest-Qop 110 for Digest-Qop
Length Length
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
qop directive (qop-value as described in [RFC2617]) from the qop directive (qop-value as described in [RFC2617]) from the
HTTP-style request it wants to authenticate. In HTTP-style request it wants to authenticate. In Access-
Access-Challenge packets, the RADIUS server puts a desired Challenge packets, the RADIUS server puts a desired qop-value
qop-value into this attribute. If the RADIUS server supports into this attribute. If the RADIUS server supports more than
more than one "quality of protection" value, it puts each one "quality of protection" value, it puts each qop-value into
qop-value into a separate Digest-Qop attribute. a separate Digest-Qop Attribute.
3.9. Digest-Algorithm Attribute 3.9. Digest-Algorithm Attribute
Description Description
This attribute holds the algorithm parameter that influences This attribute holds the algorithm parameter that influences
the HTTP Digest calculation. It MUST only be used in the HTTP Digest calculation. It MUST only be used in Access-
Access-Request, Access-Challenge and Accounting-Request Request, Access-Challenge and Accounting-Request packets. If
packets. If this attribute is missing, MD5 is assumed. this attribute is missing, MD5 is assumed.
Type Type
111 for Digest-Algorithm 111 for Digest-Algorithm
Length Length
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
algorithm directive (as described in [RFC2617], section 3.2.1) algorithm directive (as described in [RFC2617], Section 3.2.1)
from the HTTP-style request it wants to authenticate. In from the HTTP-style request it wants to authenticate. In
Access-Challenge packets, the RADIUS server SHOULD put the Access-Challenge packets, the RADIUS server SHOULD put the
desired algorithm into this attribute. desired algorithm into this attribute.
3.10. Digest-Entity-Body-Hash Attribute 3.10. Digest-Entity-Body-Hash Attribute
Description Description
When using the qop-level 'auth-int', a hash of the HTTP-style When using the qop-value 'auth-int', a hash of the HTTP-style
message body's contents is required for digest calculation. message body's contents is required for digest calculation.
Instead of sending the complete body of the message, only its Instead of sending the complete body of the message, only its
hash value is sent. This hash value can be used directly in hash value is sent. This hash value can be used directly in
the digest calculation. the digest calculation.
The clarifications described in section 22.4 of [RFC3261] about The clarifications described in section 22.4 of [RFC3261] about
the hash of empty entity bodies apply to the the hash of empty entity bodies apply to the Digest-Entity-
Digest-Entity-Body-Hash attribute. This attribute MUST only be Body-Hash Attribute. This attribute MUST only be sent in
sent in Access-Request packets. Access-Request packets.
Type Type
112 for Digest-Entity-Body-Hash 112 for Digest-Entity-Body-Hash
Length Length
>=3 >=3
Text Text
The attribute holds the hexadecimal representation of The attribute holds the hexadecimal representation of
H(entity-body). This hash is required by certain H(entity-body). This hash is required by certain
authentication mechanisms, such as HTTP Digest with quality of authentication mechanisms, such as HTTP Digest with quality of
protection set to "auth-int". RADIUS clients MUST use this protection set to 'auth-int'. RADIUS clients MUST use this
attribute to transport the hash of the entity body when HTTP attribute to transport the hash of the entity body when HTTP
Digest is the authentication mechanism and the RADIUS server Digest is the authentication mechanism and the RADIUS server
requires that the integrity of the entity body (e.g., qop requires that the integrity of the entity body (e.g., qop
parameter set to "auth-int") be verified. Extensions to this parameter set to 'auth-int') be verified. Extensions to this
document may define support for authentication mechanisms document may define support for authentication mechanisms other
other than HTTP Digest. than HTTP Digest.
3.11. Digest-CNonce Attribute 3.11. Digest-CNonce Attribute
Description Description
This attribute holds the client nonce parameter that is used in This attribute holds the client nonce parameter that is used in
the HTTP Digest calculation. It MUST only be used in the HTTP Digest calculation. It MUST only be used in Access-
Access-Request packets. Request packets.
Type Type
113 for Digest-CNonce 113 for Digest-CNonce
Length Length
>=3 >=3
Text Text
This attribute includes the value of the cnonce-value [RFC2617] This attribute includes the value of the cnonce-value [RFC2617]
without surrounding quotes, taken from the HTTP-style request. without surrounding quotes, taken from the HTTP-style request.
3.12. Digest-Nonce-Count Attribute 3.12. Digest-Nonce-Count Attribute
skipping to change at page 18, line 6 skipping to change at page 18, line 4
directive (nc-value according to [RFC2617]) without surrounding directive (nc-value according to [RFC2617]) without surrounding
quotes from the HTTP-style request it wants to authenticate. quotes from the HTTP-style request it wants to authenticate.
3.13. Digest-Username Attribute 3.13. Digest-Username Attribute
Description Description
This attribute holds the user name used in the HTTP Digest This attribute holds the user name used in the HTTP Digest
calculation. The RADIUS server MUST use this attribute only calculation. The RADIUS server MUST use this attribute only
for the purposes of calculating the digest. In order to for the purposes of calculating the digest. In order to
determine the appropriate user credentials, the RADIUS server determine the appropriate user credentials, the RADIUS server
MUST use the User-Name (1) attribute, and MUST NOT use the MUST use the User-Name (1) Attribute, and MUST NOT use the
Digest-Username attribute. This attribute MUST only be used in Digest-Username Attribute. This attribute MUST only be used in
Access-Request and Accounting-Request packets. Access-Request and Accounting-Request packets.
Type Type
115 for Digest-Username 115 for Digest-Username
Length Length
>= 3 >= 3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
username directive (username-value according to [RFC2617]) username directive (username-value according to [RFC2617])
without surrounding quotes from the HTTP-style request it wants without surrounding quotes from the HTTP-style request it wants
to authenticate. to authenticate.
3.14. Digest-Opaque Attribute 3.14. Digest-Opaque Attribute
Description Description
This attribute holds the opaque parameter that is passed to the This attribute holds the opaque parameter that is passed to the
HTTP-style client. The HTTP-style client will pass this value HTTP-style client. The HTTP-style client will pass this value
back to the server (i.e., the RADIUS client) without back to the server (i.e., the RADIUS client) without
modification. This attribute MUST only be used in modification. This attribute MUST only be used in Access-
Access-Request and Access-Challenge packets. Request and Access-Challenge packets.
Type Type
116 for Digest-Opaque 116 for Digest-Opaque
Length Length
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
opaque directive (opaque-value according to [RFC2617]) without opaque directive (opaque-value according to [RFC2617]) without
surrounding quotes from the HTTP-style request it wants to surrounding quotes from the HTTP-style request it wants to
authenticate and puts it into this attribute. In authenticate and puts it into this attribute. In Access-
Access-Challenge packets, the RADIUS server MAY include this Challenge packets, the RADIUS server MAY include this
attribute. attribute.
3.15. Digest-Auth-Param Attribute 3.15. Digest-Auth-Param Attribute
Description Description
This attribute is a placeholder for future extensions and This attribute is a placeholder for future extensions and
corresponds to the "auth-param" parameter defined in section corresponds to the auth-param parameter defined in Section
3.2.1 of [RFC2617]. The Digest-Auth-Param is the mechanism 3.2.1 of [RFC2617]. The Digest-Auth-Param is the mechanism
whereby the RADIUS client and RADIUS server can exchange whereby the RADIUS client and RADIUS server can exchange auth-
auth-param extension parameters contained within Digest headers param extension parameters contained within Digest headers that
that are not understood by the RADIUS client and for which are not understood by the RADIUS client and for which there are
there are no corresponding stand-alone attributes. no corresponding stand-alone attributes.
Unlike the previously listed Digest-* attributes, the Unlike the previously listed Digest-* attributes, the Digest-
Digest-Auth-Param contains not only the value but also the Auth-Param contains not only the value but also the parameter
parameter name, since the parameter name is unknown to the name, since the parameter name is unknown to the RADIUS client.
RADIUS client. If the Digest header contains several unknown If the Digest header contains several unknown parameters, then
parameters, then the RADIUS implementation MUST repeat this the RADIUS implementation MUST repeat this attribute, and each
attribute and each instance MUST contain one different unknown instance MUST contain one different unknown Digest
Digest parameter/value combination. This attribute MUST ONLY parameter/value combination. This attribute MUST ONLY be used
be used in Access-Request, Access-Challenge, Access-Accept in Access-Request, Access-Challenge, Access-Accept, and
and Accounting-Request packets. Accounting-Request packets.
Type Type
117 for Digest-Auth-Param 117 for Digest-Auth-Param
Length Length
>=3 >=3
Text Text
The text consists of the whole parameter, including its name The text consists of the whole parameter, including its name,
and the equal sign ('=') and quotes. the equal sign ('='), and quotes.
3.16. Digest-AKA-Auts Attribute 3.16. Digest-AKA-Auts Attribute
Description Description
This attribute holds the auts parameter that is used in the This attribute holds the auts parameter that is used in the
Digest AKA ([RFC3310]) calculation. It is only used if the Digest AKA [RFC3310] calculation. It is only used if the
algorithm of the digest-response denotes a version of AKA algorithm of the digest-response denotes a version of AKA
Digest [RFC3310]. This attribute MUST only be used in Digest [RFC3310]. This attribute MUST only be used in Access-
Access-Request packets. Request packets.
Type Type
118 for Digest-AKA-Auts 118 for Digest-AKA-Auts
Length Length
>=3 >=3
Text Text
In Access-Requests, the RADIUS client takes the value of the In Access-Requests, the RADIUS client takes the value of the
auts directive (auts-param according to section 3.4 of auts directive (auts-param according to Section 3.4 of
[RFC3310]) without surrounding quotes from the HTTP-style [RFC3310]) without surrounding quotes from the HTTP-style
request it wants to authenticate. request it wants to authenticate.
3.17. Digest-Domain Attribute 3.17. Digest-Domain Attribute
Description Description
When a RADIUS client has asked for a nonce, the RADIUS server When a RADIUS client has asked for a nonce, the RADIUS server
MAY send one or more Digest-Domain attributes in its MAY send one or more Digest-Domain attributes in its Access-
Access-Challenge packet. The RADIUS client puts them into the Challenge packet. The RADIUS client puts them into the quoted,
quoted, space-separated list of URIs of the 'domain' directive space-separated list of URIs of the domain directive of a WWW-
of a WWW-Authenticate header. Together with Digest-Realm, the Authenticate header. Together with Digest-Realm, the URIs in
URIs in the list define the protection space (see [RFC2617], the list define the protection space (see [RFC2617], Section
section 3.2.1) for some HTTP-style protocols. This attribute 3.2.1) for some HTTP-style protocols. This attribute MUST only
MUST only be used in Access-Challenge and Accounting-Request be used in Access-Challenge and Accounting-Request packets.
packets.
Type Type
119 for Digest-Domain 119 for Digest-Domain
Length Length
3 3
Text Text
This attribute consists of a single URI that defines a This attribute consists of a single URI that defines a
protection space component. protection space component.
3.18. Digest-Stale Attribute 3.18. Digest-Stale Attribute
Description Description
This attribute is sent by a RADIUS server in order to notify This attribute is sent by a RADIUS server in order to notify
the RADIUS client whether it has accepted a nonce. If the the RADIUS client whether it has accepted a nonce. If the
nonce presented by the RADIUS client was stale, the value is nonce presented by the RADIUS client was stale, the value is
'true' and is 'false' otherwise. The RADIUS client puts the 'true' and is 'false' otherwise. The RADIUS client puts the
content of this attribute into a 'stale' directive of the content of this attribute into a stale directive of the WWW-
WWW-Authenticate header in the HTTP-style response to the Authenticate header in the HTTP-style response to the request
request it wants to authenticate. The attribute MUST only be it wants to authenticate. The attribute MUST only be used in
used in Access-Challenge packets. Access-Challenge packets.
Type Type
120 for Digest-Stale 120 for Digest-Stale
Length Length
3 3
Text Text
The attribute has either the value 'true' or 'false' (both The attribute has either the value 'true' or 'false' (both
values without surrounding quotes). values without surrounding quotes).
3.19. Digest-HA1 Attribute 3.19. Digest-HA1 Attribute
Description Description
This attribute is used to allow the generation of an This attribute is used to allow the generation of an
Authentication-Info header, even if the HTTP-style response's Authentication-Info header, even if the HTTP-style response's
body is required for the calculation of the rspauth value. It body is required for the calculation of the rspauth value. It
SHOULD be used in Access-Accept packets if the required quality SHOULD be used in Access-Accept packets if the required quality
of protection ('qop') is 'auth-int'. of protection (qop) is 'auth-int'.
This attribute MUST NOT be sent if the qop parameter was not This attribute MUST NOT be sent if the qop parameter was not
specified or has a value of 'auth' (in this case, use specified or has a value of 'auth' (in this case, use Digest-
Digest-Response-Auth instead). Response-Auth instead).
The Digest-HA1 attribute MUST only be sent by the RADIUS server The Digest-HA1 Attribute MUST only be sent by the RADIUS server
or processed by the RADIUS client if at least one of the or processed by the RADIUS client if at least one of the
following conditions is true: following conditions is true:
+ The Digest-Algorithm attribute's value is 'MD5-sess' or + The Digest-Algorithm Attribute's value is 'MD5-sess' or
'AKAv1-MD5-sess'. 'AKAv1-MD5-sess'.
+ IPsec is configured to protect traffic between RADIUS client + IPsec is configured to protect traffic between the RADIUS
and RADIUS server with IPsec (see Section 8). client and RADIUS server with IPsec (see Section 8).
This attribute MUST only be used in Access-Accept packets. This attribute MUST only be used in Access-Accept packets.
Type Type
121 for Digest-HA1 121 for Digest-HA1
Length Length
>= 3 >= 3
Text Text
This attribute contains the hexadecimal representation of H(A1) This attribute contains the hexadecimal representation of H(A1)
as described in [RFC2617], sections 3.1.3, 3.2.1, and 3.2.2.2. as described in [RFC2617], Sections 3.1.3, 3.2.1, and 3.2.2.2.
3.20. SIP-AOR Attribute 3.20. SIP-AOR Attribute
Description Description
This attribute is used for the authorization of SIP messages. This attribute is used for the authorization of SIP messages.
The SIP-AOR attribute identifies the URI, the use of which must The SIP-AOR Attribute identifies the URI, the use of which must
be authenticated and authorized. The RADIUS server uses this be authenticated and authorized. The RADIUS server uses this
attribute to authorize the processing of the SIP request. The attribute to authorize the processing of the SIP request. The
SIP-AOR can be derived from, for example, the To header field SIP-AOR can be derived from, for example, the To header field
in a SIP REGISTER request (user under registration), or the in a SIP REGISTER request (user under registration), or the
From header field in other SIP requests. However, the exact From header field in other SIP requests. However, the exact
mapping of this attribute to SIP can change due to new mapping of this attribute to SIP can change due to new
developments in the protocol. This attribute MUST only be used developments in the protocol. This attribute MUST only be used
when the RADIUS client wants to authorize SIP users and MUST when the RADIUS client wants to authorize SIP users and MUST
only be used in Access-Request packets. only be used in Access-Request packets.
Type Type
122 for SIP-AOR 122 for SIP-AOR
Length Length
>=3 >=3
Text Text
The syntax of this attribute corresponds either to a SIP URI The syntax of this attribute corresponds either to a SIP URI
(with the format defined in [RFC3261] or a tel URI (with the (with the format defined in [RFC3261] or a tel URI (with the
format defined in [RFC3966]). format defined in [RFC3966]).
The SIP-AOR attribute holds the complete URI, including The SIP-AOR Attribute holds the complete URI, including
parameters and other parts. It is up to the RADIUS server what parameters and other parts. It is up to the RADIUS server as
components of the URI are regarded in the authorization to which components of the URI are regarded in the
decision. authorization decision.
4. Diameter Compatibility 4. Diameter Compatibility
This document defines support for Digest Authentication in RADIUS. A This document defines support for Digest Authentication in RADIUS. A
companion document "Diameter Session Initiation Protocol (SIP) companion document "Diameter Session Initiation Protocol (SIP)
Application" [RFC4740] defines support for Digest Authentication in Application" [RFC4740] defines support for Digest Authentication in
Diameter, and addresses compatibility issues between RADIUS and Diameter, and addresses compatibility issues between RADIUS and
Diameter. Diameter.
5. Table of Attributes 5. Table of Attributes
skipping to change at page 22, line 48 skipping to change at page 22, line 48
[Note 1] Digest-HA1 MUST be used instead of Digest-Response-Auth if [Note 1] Digest-HA1 MUST be used instead of Digest-Response-Auth if
Digest-Qop is 'auth-int'. Digest-Qop is 'auth-int'.
[Note 2] Digest-Response-Auth MUST be used instead of Digest-HA1 if [Note 2] Digest-Response-Auth MUST be used instead of Digest-HA1 if
Digest-Qop is 'auth'. Digest-Qop is 'auth'.
[Note 3] If Digest-Algorithm is missing, 'MD5' is assumed. [Note 3] If Digest-Algorithm is missing, 'MD5' is assumed.
[Note 4] An Access-Challenge MUST contain a State attribute, which is [Note 4] An Access-Challenge MUST contain a State attribute, which is
copied to the subsequent Access-Request. A server receiving an copied to the subsequent Access-Request. A server receiving
Access-Request that contains a State attribute MUST respond with an Access-Request that contains a State attribute MUST
either an Access-Accept or an Access-Reject; the server MUST NOT respond with either an Access-Accept or an Access-Reject;
respond with an Access-Challenge. the server MUST NOT respond with an Access-Challenge.
6. Examples 6. Examples
This is an example selected from the traffic between a softphone (A), This is an example selected from the traffic between a softphone (A),
a Proxy Server (B), and an example.com RADIUS server (C). The a Proxy Server (B), and an example.com RADIUS server (C). The
communication between the Proxy Server and a SIP Public Switched communication between the Proxy Server and a SIP Public Switched
Telephone Network (PSTN) gateway is omitted for brevity. The SIP Telephone Network (PSTN) gateway is omitted for brevity. The SIP
messages are not shown completely. messages are not shown completely.
The password of user '12345678' is 'secret'. The shared secret The password of user '12345678' is 'secret'. The shared secret
between RADIUS client and server is 'secret'. To ease testing, only between the RADIUS client and server is 'secret'. To ease testing,
the last byte of the RADIUS authenticator changes between Access- only the last byte of the RADIUS authenticator changes between
Requests. In a real implementation, this would be a serious flaw. requests. In a real implementation, this would be a serious flaw.
A->B A->B
INVITE sip:97226491335@example.com SIP/2.0 INVITE sip:97226491335@example.com SIP/2.0
From: <sip:12345678@example.com> From: <sip:12345678@example.com>
To: <sip:97226491335@example.com> To: <sip:97226491335@example.com>
B->A B->A
SIP/2.0 100 Trying SIP/2.0 100 Trying
B->C B->C
Code = Access-Request (1) Code = Access-Request (1)
Packet identifier = 0x7c (124) Packet identifier = 0x7c (124)
Length = 97 Length = 97
Authenticator = F5E55840E324AA49D216D9DBD069807C Authenticator = F5E55840E324AA49D216D9DBD069807C
NAS-IP-Address = 192.168.2.38 NAS-IP-Address = 192.0.2.38
NAS-Port = 5 NAS-Port = 5
User-Name = 12345678 User-Name = 12345678
Digest-Method = INVITE Digest-Method = INVITE
Digest-URI = sip:97226491335@example.com Digest-URI = sip:97226491335@example.com
Message-Authenticator = 26039915C2A55FF51D7DF4D4608738BD Message-Authenticator = 7600D5B0BDC33987A60D5C6167B28B3B
C->B C->B
Code = Access-Challenge (11) Code = Access-challenge (11)
Packet identifier = 0x7c (124) Packet identifier = 0x7c (124)
Length = 72 Length = 72
Authenticator = EBE20199C26EFEAD69BF8AB0E786CA4D Authenticator = EBE20199C26EFEAD69BF8AB0E786CA4D
Digest-Nonce = 3bada1a0 Digest-Nonce = 3bada1a0
Digest-Realm = example.com Digest-Realm = example.com
Digest-Qop = auth Digest-Qop = auth
Digest-Algorithm = MD5 Digest-Algorithm = MD5
Message-Authenticator = 5DA18ED3BBC9513DCBDE0A37F51B7DE3 Message-Authenticator = 5DA18ED3BBC9513DCBDE0A37F51B7DE3
B->A B->A
skipping to change at page 24, line 18 skipping to change at page 24, line 18
,nonce="3bada1a0",qop=auth,algorithm=MD5 ,nonce="3bada1a0",qop=auth,algorithm=MD5
Content-Length: 0 Content-Length: 0
A->B A->B
ACK sip:97226491335@example.com SIP/2.0 ACK sip:97226491335@example.com SIP/2.0
A->B A->B
INVITE sip:97226491335@example.com SIP/2.0 INVITE sip:97226491335@example.com SIP/2.0
Proxy-Authorization: Digest algorithm="md5",nonce="3bada1a0" Proxy-Authorization: Digest nonce="3bada1a0"
,realm="example.com" ,realm="example.com"
,response="7679b84a560835846ec553174dbabb69" ,response="756933f735fcd93f90a4bbdd5467f263"
,uri="sip:97226491335@example.com",username="12345678" ,uri="sip:97226491335@example.com",username="12345678"
,qop=auth,algorithm=MD5 ,qop=auth,algorithm=MD5
,cnonce="56593a80,nc="00000001" ,cnonce="56593a80,nc="00000001"
From: <sip:12345678@example.com> From: <sip:12345678@example.com>
To: <sip:97226491335@example.com> To: <sip:97226491335@example.com>
B->C B->C
Code = Access-Request (1) Code = Access-Request (1)
Packet identifier = 0x7d (125) Packet identifier = 0x7d (125)
Length = 221 Length = 221
Authenticator = F5E55840E324AA49D216D9DBD069807D Authenticator = F5E55840E324AA49D216D9DBD069807D
NAS-IP-Address = 192.168.2.38 NAS-IP-Address = 192.0.2.38
NAS-Port = 5 NAS-Port = 5
User-Name = 12345678 User-Name = 12345678
Digest-Method = INVITE Digest-Method = INVITE
Digest-URI = sip:97226491335@example.com Digest-URI = sip:97226491335@example.com
Digest-Realm = example.com Digest-Realm = example.com
Digest-Qop = auth Digest-Qop = auth
Digest-Algorithm = MD5 Digest-Algorithm = MD5
Digest-CNonce = 56593a80 Digest-CNonce = 56593a80
Digest-Nonce = 3bada1a0 Digest-Nonce = 3bada1a0
Digest-Nonce-Count = 00000001 Digest-Nonce-Count = 00000001
Digest-Response = 7679b84a560835846ec553174dbabb69 Digest-Response = 756933f735fcd93f90a4bbdd5467f263
Digest-Username = 12345678 Digest-Username = 12345678
SIP-AOR = sip:12345678@example.com SIP-AOR = sip:12345678@example.com
Message-Authenticator = 60832893BCB19D85DDF9836506F9C0D6 Message-Authenticator = B6C7F7F8D11EF261A26933D234561A60
C->B C->B
Code = Access-Accept (2) Code = Access-Accept (2)
Packet identifier = 0x7d (125) Packet identifier = 0x7d (125)
Length = 72 Length = 72
Authenticator = 36E1201AD4377664E720184CE7B3D8C6 Authenticator = FFDD74D6470D21CB6FC4D6056BE245D2
Digest-Response-Auth = 3792d3109224eb67213659e2d789f10d Digest-Response-Auth = f847de948d12285f8f4199e366f1af21
Message-Authenticator = 9B79B410CEBD335176DAEB24735DCF64 Message-Authenticator = 7B76E2F10A7067AF601938BF13B0A62E
B->A B->A
SIP/2.0 180 Ringing SIP/2.0 180 Ringing
B->A B->A
SIP/2.0 200 OK SIP/2.0 200 OK
A->B A->B
ACK sip:97226491335@example.com SIP/2.0 ACK sip:97226491335@example.com SIP/2.0
A second example shows the traffic between a web browser (A), web A second example shows the traffic between a web browser (A), a web
server (B), and a RADIUS server (C). server (B), and a RADIUS server (C).
A->B A->B
GET /index.html HTTP/1.1 GET /index.html HTTP/1.1
B->C B->C
Code = Access-Request (1) Code = Access-Request (1)
Packet identifier = 0x7e (126) Packet identifier = 0x7e (126)
Length = 68 Length = 68
Authenticator = F5E55840E324AA49D216D9DBD069807E Authenticator = F5E55840E324AA49D216D9DBD069807E
NAS-IP-Address = 192.168.2.38 NAS-IP-Address = 192.0.2.38
NAS-Port = 5 NAS-Port = 5
Digest-Method = GET Digest-Method = GET
Digest-URI = /index.html Digest-URI = /index.html
Message-Authenticator = A78C0D4FEF57CAD5EEE922AC3562B1F3 Message-Authenticator = 690BFC95E88DF3B185F15CD78E469992
C->B C->B
Code = Access-Challenge (11) Code = Access-challenge (11)
Packet identifier = 0x7e (126) Packet identifier = 0x7e (126)
Length = 72 Length = 72
Authenticator = 2EE5EB01C02C773B6C6EC8515F565E8E Authenticator = 2EE5EB01C02C773B6C6EC8515F565E8E
Digest-Nonce = a3086ac8 Digest-Nonce = a3086ac8
Digest-Realm = example.com Digest-Realm = example.com
Digest-Qop = auth Digest-Qop = auth
Digest-Algorithm = MD5 Digest-Algorithm = MD5
Message-Authenticator = 646DB2B0AF9E72FFF2CF7FEB33C4952A Message-Authenticator = 646DB2B0AF9E72FFF2CF7FEB33C4952A
B->A B->A
HTTP/1.1 401 Authentication Required HTTP/1.1 401 Authentication Required
WWW-Authenticate: Digest realm="example.com", WWW-Authenticate: Digest realm="example.com",
nonce="a3086ac8",qop=auth,algorithm=MD5 nonce="a3086ac8",qop=auth,algorithm=MD5
Content-Length: 0 Content-Length: 0
A->B A->B
GET /index.html HTTP/1.1 GET /index.html HTTP/1.1
Authorization: Digest algorithm=MD5,qop=auth,nonce="a3086ac8" Authorization: Digest = algorithm=MD5,qop=auth,nonce="a3086ac8"
,nc="00000001",cnonce="56593a78" ,nc="00000001",cnonce="56593a80"
,realm="example.com" ,realm="example.com"
,response="ba623217b5ec024d30c4aaef9d8494de" ,response="a4fac45c27a30f4f244c54a2e99fa117"
,uri="/index.html",username="12345678" ,uri="/index.html",username="12345678"
B->C B->C
Code = Access-Request (1) Code = Access-Request (1)
Packet identifier = 0x7f (127) Packet identifier = 0x7f (127)
Length = 176 Length = 176
Authenticator = F5E55840E324AA49D216D9DBD069807F Authenticator = F5E55840E324AA49D216D9DBD069807F
NAS-IP-Address = 192.168.2.38 NAS-IP-Address = 192.0.2.38
NAS-Port = 5 NAS-Port = 5
User-Name = 12345678 User-Name = 12345678
Digest-Method = GET Digest-Method = GET
Digest-URI = /index.html Digest-URI = /index.html
Digest-Realm = example.com Digest-Realm = example.com
Digest-Qop = auth Digest-Qop = auth
Digest-Algorithm = MD5 Digest-Algorithm = MD5
Digest-CNonce = 56593a80 Digest-CNonce = 56593a80
Digest-Nonce = a3086ac8 Digest-Nonce = a3086ac8
Digest-Nonce-Count = 00000001 Digest-Nonce-Count = 00000001
Digest-Response = ba623217b5ec024d30c4aaef9d8494de Digest-Response = a4fac45c27a30f4f244c54a2e99fa117
Digest-Username = 12345678 Digest-Username = 12345678
Message-Authenticator = 932B7565467F028AD399B8FBE57BE98C Message-Authenticator = 237D85C1478C70C67EEAF22A9C456821
C->B C->B
Code = Access-Accept (2) Code = Access-Accept (2)
Packet identifier = 0x7f (127) Packet identifier = 0x7f (127)
Length = 72 Length = 72
Authenticator = F1ECAC22D3C88E0260B287FA35595F80 Authenticator = 6364FA6ED66012847C05A0895607C694
Digest-Response-Auth = 29624e0bee4342994d041d07f7bcd44c Digest-Response-Auth = 08c4e942d1d0a191de8b3aa98cd35147
Message-Authenticator = 956312EC57AF51ABC4F6965270F34982 Message-Authenticator = 43795A3166492AD2A890AD57D5F97D56
B->A B->A
HTTP/1.1 200 OK HTTP/1.1 200 OK
... ...
<html> <html>
... ...
7. IANA Considerations 7. IANA Considerations
The following values from the RADIUS attribute type number space were The following values from the RADIUS Attribute Types number space
assigned in [RFC4590]. This document requests that the values in the were assigned in [RFC4590]. This document requests that the values
table below be entered within the existing registry. in the table below be entered within the existing registry.
Attribute # Attribute #
--------------- ---- --------------- ----
Digest-Response 103 Digest-Response 103
Digest-Realm 104 Digest-Realm 104
Digest-Nonce 105 Digest-Nonce 105
Digest-Response-Auth 106 Digest-Response-Auth 106
Digest-Nextnonce 107 Digest-Nextnonce 107
Digest-Method 108 Digest-Method 108
Digest-URI 109 Digest-URI 109
skipping to change at page 28, line 33 skipping to change at page 28, line 10
Digest-Domain 119 Digest-Domain 119
Digest-Stale 120 Digest-Stale 120
Digest-HA1 121 Digest-HA1 121
SIP-AOR 122 SIP-AOR 122
8. Security Considerations 8. Security Considerations
The RADIUS extensions described in this document enable RADIUS to The RADIUS extensions described in this document enable RADIUS to
transport the data that is required to perform a digest calculation. transport the data that is required to perform a digest calculation.
As a result, RADIUS inherits the vulnerabilities of HTTP Digest (see As a result, RADIUS inherits the vulnerabilities of HTTP Digest (see
[RFC2617], section 4) in addition to RADIUS security vulnerabilities [RFC2617], Section 4) in addition to RADIUS security vulnerabilities
described in [RFC2865], section 8, and [RFC3579], section 4. described in [RFC2865], Section 8, and [RFC3579], Section 4.
An attacker compromising a RADIUS client or proxy can carry out man- An attacker compromising a RADIUS client or proxy can carry out man-
in-the-middle attacks even if the paths between A, B and B, C (Figure in-the-middle attacks even if the paths between A, B and B, C (Figure
2) have been secured with TLS or IPsec. 2) have been secured with TLS or IPsec.
The RADIUS server MUST check the Digest-Realm attribute it has The RADIUS server MUST check the Digest-Realm Attribute it has
received from a client. If the RADIUS client is not authorized to received from a client. If the RADIUS client is not authorized to
serve HTTP-style clients of that realm, it might be compromised. serve HTTP-style clients of that realm, it might be compromised.
8.1. Denial of Service 8.1. Denial of Service
RADIUS clients implementing the extension described in this document RADIUS clients implementing the extension described in this document
may authenticate HTTP-style requests received over the Internet. As may authenticate HTTP-style requests received over the Internet. As
compared with the use of RADIUS to authenticate link-layer network compared with the use of RADIUS to authenticate link-layer network
access, attackers may find it easier to cover their tracks in such a access, attackers may find it easier to cover their tracks in such a
scenario. scenario.
An attacker can attempt a denial-of-service attack on one or more An attacker can attempt a denial-of-service attack on one or more
RADIUS servers by sending a large number of HTTP-style requests. To RADIUS servers by sending a large number of HTTP-style requests. To
make simple denial-of-service attacks more difficult, the RADIUS make simple denial-of-service attacks more difficult, the RADIUS
server MUST check whether it has generated the nonce received from an server MUST check whether it has generated the nonce received from an
HTTP-style client. This SHOULD be done statelessly. For example, a HTTP-style client. This SHOULD be done statelessly. For example, a
nonce could consist of a cryptographically random part and some kind nonce could consist of a cryptographically random part and some kind
of signature provided by the RADIUS client, as described in of signature provided by the RADIUS client, as described in
[RFC2617], section 3.2.1. [RFC2617], Section 3.2.1.
8.2. Confidentiality and Data Integrity 8.2. Confidentiality and Data Integrity
The attributes described in this document are sent in cleartext. The attributes described in this document are sent in cleartext.
RADIUS servers SHOULD include Digest-Qop and Digest-Algorithm RADIUS servers SHOULD include Digest-Qop and Digest-Algorithm
attributes in Access-Challenge messages. A man in the middle can attributes in Access-Challenge messages. A man in the middle can
modify or remove those attributes in a bidding down attack, causing modify or remove those attributes in a bidding down attack, causing
the RADIUS client to use a weaker authentication scheme than the RADIUS client to use a weaker authentication scheme than
intended. intended.
The Message-Authenticator attribute, described in [RFC3579], section The Message-Authenticator Attribute, described in [RFC3579], Section
3.2 MUST be included in Access-Request, Access-Challenge, Access- 3.2 MUST be included in Access-Request, Access-Challenge, Access-
Reject, and Access-Accept messages that contain attributes described Reject, and Access-Accept messages that contain attributes described
in this specification. in this specification.
The Digest-HA1 attribute contains no random components if the The Digest-HA1 Attribute contains no random components if the
algorithm is 'MD5' or 'AKAv1-MD5'. This makes offline dictionary algorithm is 'MD5' or 'AKAv1-MD5'. This makes offline dictionary
attacks easier and enables replay attacks. attacks easier and enables replay attacks.
Some parameter combinations require the protection of RADIUS packets Some parameter combinations require the protection of RADIUS packets
against eavesdropping and tampering. Implementations SHOULD try to against eavesdropping and tampering. Implementations SHOULD try to
determine automatically whether IPsec is configured to protect determine automatically whether IPsec is configured to protect
traffic between the RADIUS client and the RADIUS server. If this is traffic between the RADIUS client and the RADIUS server. If this is
not possible, the implementation checks a configuration parameter not possible, the implementation checks a configuration parameter
telling it whether IPsec will protect RADIUS traffic. The default telling it whether IPsec will protect RADIUS traffic. The default
value of this configuration parameter tells the implementation that value of this configuration parameter tells the implementation that
RADIUS packets will not be protected. RADIUS packets will not be protected.
HTTP-style clients can use TLS with server side certificates together HTTP-style clients can use TLS with server-side certificates together
with HTTP-Digest Authentication. Instead of TLS, IPsec can be used, with HTTP-Digest Authentication. Instead of TLS, IPsec can be used,
too. TLS or IPsec secure the connection while Digest Authentication too. TLS or IPsec secure the connection while Digest Authentication
authenticates the user. The RADIUS transaction can be regarded as authenticates the user. The RADIUS transaction can be regarded as
one leg on the path between the HTTP-style client and the HTTP-style one leg on the path between the HTTP-style client and the HTTP-style
server. To prevent RADIUS from representing the weak link, a RADIUS server. To prevent RADIUS from representing the weak link, a RADIUS
client receiving an HTTP-style request via TLS or IPsec could use an client receiving an HTTP-style request via TLS or IPsec could use an
equally secure connection to the RADIUS server. There are several equally secure connection to the RADIUS server. There are several
ways to achieve this, for example: ways to achieve this, for example:
o The RADIUS client may reject HTTP-style requests received over TLS o The RADIUS client may reject HTTP-style requests received over TLS
or IPsec. or IPsec.
o The RADIUS client may require that traffic be sent and received o The RADIUS client may require that traffic be sent and received
over IPsec. over IPsec.
RADIUS over IPsec, if used, MUST conform to the requirements RADIUS over IPsec, if used, MUST conform to the requirements
described in [RFC3579], section 4.2. described in [RFC3579], Section 4.2.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Leach, P., Luotonen, A., and L. Stewart, "HTTP
Basic and Digest Access Authentication", RFC 2617, June 1999. Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
Authentication Dial In User Service (RADIUS)", RFC 2865, June "Remote Authentication Dial In User Service (RADIUS)", RFC
2000. 2865, June 2000.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: A., Peterson, J., Sparks, R., Handley, M., and E. Schooler,
Session Initiation Protocol", RFC 3261, June 2002. "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial [RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication
In User Service) Support For Extensible Authentication Dial In User Service) Support For Extensible Authentication
Protocol (EAP)", RFC 3579, September 2003. Protocol (EAP)", RFC 3579, September 2003.
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC
3966, December 2004. 3966, December 2004.
9.2. Informative References 9.2. Informative References
[RFC1994] Simpson, W., "PPP Challenge Handshake Authentication Protocol [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication
(CHAP)", RFC 1994, August 1996. Protocol (CHAP)", RFC 1994, August 1996.
[RFC2069] Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P., [RFC2069] Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P.,
Luotonen, A., Sink, E., and L. Stewart, "An Extension to HTTP Luotonen, A., Sink, E., and L. Stewart, "An Extension to
: Digest Access Authentication", RFC 2069, January 1997. HTTP : Digest Access Authentication", RFC 2069, January
1997.
[RFC3310] Niemi, A., Arkko, J., and V. Torvinen, "Hypertext Transfer [RFC3310] Niemi, A., Arkko, J., and V. Torvinen, "Hypertext Transfer
Protocol (HTTP) Digest Authentication Using Authentication and Protocol (HTTP) Digest Authentication Using Authentication
Key Agreement (AKA)", RFC 3310, September 2002. and Key Agreement (AKA)", RFC 3310, September 2002.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
Arkko, "Diameter Base Protocol", RFC 3588, September 2003. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC3851] Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions [RFC3851] Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail
(S/MIME) Version 3.1 Message Specification", RFC 3851, July Extensions (S/MIME) Version 3.1 Message Specification", RFC
2004. 3851, July 2004.
[RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.1", RFC 4346, April 2006. (TLS) Protocol Version 1.1", RFC 4346, April 2006.
[RFC4590] Sterman, B., Sadolevsky, D., Schwartz, D., Williams, D., and [RFC4590] Sterman, B., Sadolevsky, D., Schwartz, D., Williams, D.,
W. Beck, "RADIUS Extension for Digest Authentication", RFC and W. Beck, "RADIUS Extension for Digest Authentication",
4590, July 2006. RFC 4590, July 2006.
[RFC4740] Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., Canales- [RFC4740] Garcia-Martin, M., Ed., Belinchon, M., Pallares-Lopez, M.,
Valenzuela, C. and K. Tammik, "Diameter Session Initiation Canales-Valenzuela, C., and K. Tammi, "Diameter Session
Protocol (SIP) Application", RFC 4740, November 2006. Initiation Protocol (SIP) Application", RFC 4740, November
2006.
Appendix A - Changes from RFC 4590
This Appendix lists the major changes between [RFC4590] and this
document. Minor changes, including style, grammar, spelling, and
editorial changes are not mentioned here.
o The Table of Attributes (Section 5) now indicates that the
Digest-Method Attribute is required within an Access-Request.
Also, an entry has been added for the State attribute. The table
also includes entries for Accounting-Request messages. As noted
in the examples, the User-Name Attribute is not necessary when
requesting a nonce.
o Two errors in attribute assignment have been corrected within the
IANA Considerations (Section 7). Digest-Response-Auth is assigned
attribute 106, and Digest-Nextnonce is assigned attribute 107.
o Several errors in the examples section have been corrected.
Acknowledgments Acknowledgments
The authors would like to thank Mike McCauley for his help in working
through the details of the examples.
We would like to acknowledge Kevin McDermott (Cisco Systems) for We would like to acknowledge Kevin McDermott (Cisco Systems) for
providing comments and experimental implementation. providing comments and experimental implementation.
Many thanks to all reviewers, especially to Miguel Garcia, Jari Many thanks to all reviewers, especially to Miguel Garcia, Jari
Arkko, Avi Lior, and Jun Wang. Arkko, Avi Lior, and Jun Wang.
Authors' Addresses Authors' Addresses
Baruch Sterman Baruch Sterman
Kayote Networks Kayote Networks
skipping to change at page 32, line 23 skipping to change at page 33, line 5
EMail: dwilli@cisco.com EMail: dwilli@cisco.com
Wolfgang Beck Wolfgang Beck
Deutsche Telekom AG Deutsche Telekom AG
Deutsche Telekom Allee 7 Deutsche Telekom Allee 7
Darmstadt 64295 Darmstadt 64295
Germany Germany
EMail: beckw@t-systems.com EMail: beckw@t-systems.com
Appendix A - Changes from RFC 4590
This Appendix lists the major changes between [RFC4590] and this
document. Minor changes, including style, grammar, spelling, and
editorial changes are not mentioned here.
o The Table of Attributes (Section 5) now indicates that the Digest-
Method attribute is required within an Access-Request. Also, an
entry has been added for the State attribute. The table also
includes entries for Accounting-Request messages. As noted in the
examples, the User-Name attribute is not necessary when requesting a
nonce.
o Two errors in attribute assignment have been corrected within the
IANA Considerations (Section 7). Digest-Response-Auth is assigned
attribute 106, and Digest-Nextnonce is assigned attribute 107.
o Several errors in the examples section have been corrected.
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
skipping to change at page 33, line 42 skipping to change at page 33, line 42
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf- this standard. Please address the information to the IETF at
ipr@ietf.org. ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Open issues
Open issues relating to this specification are tracked on the
following web site:
http://www.drizzle.com/~aboba/RADEXT/
 End of changes. 158 change blocks. 
384 lines changed or deleted 362 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/