Tzafrir Cohen wrote:
On Fri, Feb 10, 2006 at 02:56:59PM +0100, Michael Prochaska wrote:
Olle E. Johansson schrieb:
...write an RFC :-)
i don't think that this is necessary :-)
The MD5 is in the SIP RFC, and I've never seen anyone using SHA.
no, md5 is NOT in the SIP RFC. HTTP digest authentication is not
automatically md5
and in the HTTP digest RFC there is md5 as example but SHA could also be
used.
i think if asterisk would support HTTP digest with SHA it would be easy
to extend the UA's to support it too.
If SHA1 is practically not in use, then what you suggest is a new
extension. If so: why SHA1 and not a different digest algorithm?
See, e.g.
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
...and checking with Apache, HTTP basic digest seems to be MD5 only
in the HTTP world, if supported.
I am not saying that we should not add other hash algorithms, just
trying to find more information about the use of other digest mechanisms
in HTTP digest auth.
/O
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
