[Sip-implementors] RFC 3261: Authorization UTF8-NONASCII and escaping

[Brett Tate]

Howdy,

The following are some questions concerning SIP Digest MD5 Authorization.

1) Are UTF8-NONASCII allowed within username and realm?  Based upon the ABNF, 
it appears to be yes.  However since SIP authentication is based upon the HTTP 
specs (such as rfc2617 and rfc2616), I'm not sure if the SIP ABNF changes to 
include UTF8-NONASCII was intentional concerning the topic.  More specifically, 
I not sure if the rfc2616 TEXT snippet (or something else) somehow prevents 
UTF8-NONASCII.

2) Can the password used within Digest MD5 authentication calculation include 
UTF8-NONASCII?

3) If quoted-string username contains useless and required escaping of 
characters, is the escaped or un-escaped username supposed to be used within 
the calculation?  I assume the un-escaped username; however I thought I'd ask 
for completeness. 

Thanks,
Brett


-----------

RFC 2617:

username         = "username" "=" username-value
username-value   = quoted-string
realm       = "realm" "=" realm-value
realm-value = quoted-string

----

RFC 2616:

quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext         = <any TEXT except <">>

The backslash character ("\") MAY be used as a single-character
quoting mechanism only within quoted-string and comment constructs.

quoted-pair    = "\" CHAR

Words of *TEXT MAY contain characters from character sets other 
than ISO-8859-1 [22] only when encoded according to the rules 
of RFC 2047 [14].

TEXT           = <any OCTET except CTLs, but including LWS>

----

RFC 3261:
Authorization     =  "Authorization" HCOLON credentials
credentials       =  ("Digest" LWS digest-response)
                     / other-response
digest-response   =  dig-resp *(COMMA dig-resp)
dig-resp          =  username / realm / nonce / digest-uri
                      / dresponse / algorithm / cnonce
                      / opaque / message-qop
                      / nonce-count / auth-param
username          =  "username" EQUAL username-value
username-value    =  quoted-string
realm               =  "realm" EQUAL realm-value
realm-value         =  quoted-string

A string of text is parsed as a single word if it is quoted using
double-quote marks.  In quoted strings, quotation marks (") and
backslashes (\) need to be escaped.

   quoted-string  =  SWS DQUOTE *(qdtext / quoted-pair ) DQUOTE
   qdtext         =  LWS / %x21 / %x23-5B / %x5D-7E / UTF8-NONASCII

The backslash character ("\") MAY be used as a single-character
quoting mechanism only within quoted-string and comment constructs.
Unlike HTTP/1.1, the characters CR and LF cannot be escaped by this
mechanism to avoid conflict with line folding and header separation.

quoted-pair  =  "\" (%x00-09 / %x0B-0C / %x0E-7F)


_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors