On Fri, Feb 10, 2006 at 02:56:59PM +0100, Michael Prochaska wrote: > Olle E. Johansson schrieb: > >...write an RFC :-) > > > > i don't think that this is necessary :-) > > >The MD5 is in the SIP RFC, and I've never seen anyone using SHA. > > no, md5 is NOT in the SIP RFC. HTTP digest authentication is not > automatically md5 > > and in the HTTP digest RFC there is md5 as example but SHA could also be > used. > > i think if asterisk would support HTTP digest with SHA it would be easy > to extend the UA's to support it too.
If SHA1 is practically not in use, then what you suggest is a new extension. If so: why SHA1 and not a different digest algorithm? See, e.g. http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html -- Tzafrir Cohen icq#16849755 +972-50-7952406 [EMAIL PROTECTED] http://www.xorcom.com _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
