> You'll have to include in the hash a secret local key. Otherwise an
> adversary can check a guessed correspondence between a Call-Id and a
> Session-Id.
Yup exactly - that's what I meant by not being "re-creatable",
and why I included a system/node ID and MAC into the equation.
Not really a secret local key per se - and maybe I should just
say that instead in the draft.
If the system/node ID is not prescribed to be secret, the adversaries
will get ahold of it and be able to check the hashes. But I see that in
-01, you've noted that it has to be secret.
Dale
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
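The point discussed in this thread, as an added example that is not part of the original messages or of the draft: a Session-Id derived from a Call-Id can be checked against a guess unless a secret local value enters the hash. The use of HMAC-SHA256, the 32-character truncation, the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def session_id_unkeyed(call_id: str) -> str:
    """Plain hash of the Call-Id: anyone can re-create it."""
    return hashlib.sha256(call_id.encode()).hexdigest()[:32]

def session_id_keyed(call_id: str, local_key: bytes) -> str:
    """HMAC of the Call-Id under a local key (assumed construction)."""
    return hmac.new(local_key, call_id.encode(), hashlib.sha256).hexdigest()[:32]

def guess_confirmed(observed_sid: str, guessed_call_id: str, derive) -> bool:
    """Observer's check: recompute the Session-Id from a guess and compare."""
    return hmac.compare_digest(observed_sid, derive(guessed_call_id))

# Constructed sample values, not taken from the thread.
CALL_ID = "a84b4c76e66710@pc33.example.com"
PUBLIC_NODE_ID = b"node-17"              # node ID that is not kept secret
SECRET_NODE_KEY = secrets.token_bytes(32)  # node value that is kept secret

def demo() -> dict:
    weak_sid = session_id_unkeyed(CALL_ID)
    public_sid = session_id_keyed(CALL_ID, PUBLIC_NODE_ID)
    secret_sid = session_id_keyed(CALL_ID, SECRET_NODE_KEY)
    # The observer does not hold SECRET_NODE_KEY and can only try other keys.
    observer_key = secrets.token_bytes(32)
    return {
        # No key at all: a correct guess is confirmed.
        "unkeyed": guess_confirmed(weak_sid, CALL_ID, session_id_unkeyed),
        # Key is a node ID the observer has learned: still confirmed.
        "public_node_id": guess_confirmed(
            public_sid, CALL_ID,
            lambda c: session_id_keyed(c, PUBLIC_NODE_ID)),
        # Key is secret: a correct guess cannot be confirmed.
        "secret_key": guess_confirmed(
            secret_sid, CALL_ID,
            lambda c: session_id_keyed(c, observer_key)),
        # The node itself still derives the same value every time.
        "stable_on_node": secret_sid == session_id_keyed(CALL_ID, SECRET_NODE_KEY),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```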