Discussion:
cnonce in RFC 3261
Moloud Mousavi
2010-06-02 17:58:33 UTC
Hi,

The Cnonce definition in RFC 3261 is confusing. This is what I found:

cnonce = "cnonce" EQUAL cnonce-value
cnonce-value = nonce-value


while a bit up an example shows the value of cnonce different than nonce:

nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="sip:***@biloxi.com",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",

I need to calculate the challenge response. I don't know where to get this cnonce from?

One more thing: Why are there many names for the same parameter??? Like this one: nonce-count = "nc" EQUAL nc-value


THANKs a lot.

Moloud




Iñaki Baz Castillo
2010-06-03 15:28:52 UTC
2010/6/2 Moloud Mousavi <***@blueslice.com>:
> Hi,
> The Cnonce definition in RFC 3261 is confusing. This is what I found:
>
> cnonce = "cnonce" EQUAL cnonce-value
> cnonce-value = nonce-value
>
> while a bit up an example shows the value of cnonce different than nonce:
>
> nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
> uri="sip:***@biloxi.com",
> qop=auth,
> nc=00000001,
> cnonce="0a4f113b",
> response="6629fae49393a05397450978507c4ef1",

Why do "you" think that cnonce and nonce are different? Just because of
the different length in *your* example? The BNF for the nonce-value field
doesn't mandate a strict length for nonce-value; in fact it's just a
quoted string:

nonce-value = quoted-string



> I need to calculate the challenge response. I don’t know where to get this
> cnonce from?

Read RFC 2617.




> One more thing: Why are there many names for the same parameter??? Like this
> one: nonce-count = "nc" EQUAL nc-value

Please, read RFC 2617 and 3261 before asking such questions.


--
Iñaki Baz Castillo
<***@aliax.net>
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-***@cs.columbia.edu for questions on how to develop a SIP implementation.
Use ***@ietf.org for new developments on the application of sip.
Use ***@ietf.org for issues
Iñaki Baz Castillo
2010-06-03 16:52:33 UTC
2010/6/3 Moloud Mousavi <***@blueslice.com>:
> Hello Iñaki,
>
> This is the explanation of cnonce in RFC 2617:
>
> cnonce
> This MUST be specified if a qop directive is sent (see above), and
> MUST NOT be specified if the server did not send a qop directive in
> the WWW-Authenticate header field. The cnonce-value is an opaque
> quoted string value provided by the client and used by both client
> and server to avoid chosen plaintext attacks, to provide mutual
> authentication, and to provide some message integrity protection.
> See the descriptions below of the calculation of the response-digest
> and request-digest values.
>
>
> It seems that cnonce existence is optional, but then If you want to calculate the responseDigest, you have to consider that again.
>
> Assuming both the same: in fact I tried putting the same value for nonce and cnonce, and it didn't work.

Where did you read that nonce and cnonce have to be equal?


> If my question is trivial, why do "YOU" bother to put time to answer me back, leave it to someone else.

First of all, this maillist is not the place to ask trivial or non
trivial questions about already approved specifications for SIP
protocol, use sip-implementors instead.
Second: you should not be so rude with people trying to help you.

--
Iñaki Baz Castillo
<***@aliax.net>
Iñaki Baz Castillo
2010-06-03 17:06:15 UTC
2010/6/3 Moloud Mousavi <***@blueslice.com>:
> Regarding your question, please read RFC 3261.

nonce and cnonce must not be equal. Period.


> By the way, as I understood, there is a moderator here. Probably he/she knows what should be forwarded or not.

There is no moderator inspecting each mail before allowing it to be
published or not. For questions/doubts related to SIP protocol the
sip-implementors maillist is the appropriate place.

--
Iñaki Baz Castillo
<***@aliax.net>
James M. Polk
2010-06-03 23:18:14 UTC
Iñaki Baz Castillo

FWIW -- the only one being rude in this discussion is you.

You could have used a better tone when telling
Mousavi that the sip-implementers list is where
these questions should be asked.

James

Tom Taylor
2010-06-03 18:57:38 UTC
Your basic problem is that you need to read the ABNF specification (RFC 5234)
to understand the syntax descriptions. That example you quoted:

nonce-count = "nc" EQUAL nc-value

specifies the syntax of a field which has the arbitrary name "nonce-count",
just for purposes of syntax description. The actual syntax is to the right
of the equals sign, and says that the field has the form:

nc= some value whose syntax is spelled out by the production nc-value elsewhere
in the ABNF.

The example you quote has this field:

nc=00000001

Moloud Mousavi wrote:
> Hi,
>
> The Cnonce definition in RFC 3261 is confusing. This is what I found:
>
> cnonce = "cnonce" EQUAL cnonce-value cnonce-value = nonce-value
>
>
> while a bit up an example shows the value of cnonce different than nonce:
>
> nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="sip:***@biloxi.com",
> qop=auth, nc=00000001, cnonce="0a4f113b",
> response="6629fae49393a05397450978507c4ef1",
>
> I need to calculate the challenge response. I don't know where to get this
> cnonce from?
>
> One more thing: Why are there many names for the same parameter??? Like this
> one: nonce-count = "nc" EQUAL nc-value
>
>
> THANKs a lot.
>
> Moloud
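The response calculation the thread asks about, as an added example that is not part of any message above: with qop=auth the client generates the cnonce itself (it is never copied from the server's nonce) and hashes it together with nonce and nc, following RFC 2617 section 3.2.2. The nonce, nc, cnonce and response values are the ones quoted in the thread; the username, realm, password, method and URI are assumptions taken from the RFC 2617 section 3.5 HTTP example that those values come from, and MD5 is assumed as the algorithm.

```python
import hashlib
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def new_cnonce(nbytes: int = 16) -> str:
    """Client-chosen random value; fresh for each new nonce, never the nonce itself."""
    return secrets.token_hex(nbytes)


def digest_response(username, realm, password, method, uri,
                    nonce, qop=None, nc=None, cnonce=None):
    """Return the 'response' parameter for Digest credentials (algorithm MD5)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        # Server sent no qop directive: cnonce and nc MUST NOT be sent.
        if cnonce is not None or nc is not None:
            raise ValueError("cnonce/nc not allowed without qop")
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError("this example handles qop=auth only")
    if not cnonce or nc is None:
        raise ValueError("cnonce and nc are required when qop is sent")
    # nc-value is exactly 8 hex digits on the wire, e.g. 00000001.
    return md5_hex(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:{qop}:{ha2}")


def rfc2617_example_response() -> str:
    """Recompute the response quoted in the thread from the RFC 2617 example inputs."""
    return digest_response(
        username="Mufasa", realm="testrealm@host.com",   # assumed: RFC 2617 s3.5
        password="Circle Of Life", method="GET",          # assumed: RFC 2617 s3.5
        uri="/dir/index.html",                            # assumed: RFC 2617 s3.5
        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",       # from the thread
        qop="auth", nc=1, cnonce="0a4f113b",              # from the thread
    )


if __name__ == "__main__":
    print("response =", rfc2617_example_response())
    print("a fresh cnonce for a real request:", new_cnonce())
```

For a SIP request the same function applies with the SIP method (for example REGISTER) and the Request-URI in place of the HTTP method and path.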