On Tue, 2008-12-30 at 21:30 +0100, Johansson Olle E wrote: > Also: How can we move away from MD5 digest auth?
The authentication headers all allow the algorithm to be specified, so we can convert to SHA1 fairly straightforwardly. But the current attack benefits from the fact that one can spend hours synthesizing a certificate. I doubt one could attack a SIP session setup fast enough to be useful with reasonably-priced hardware. But that will come with time... Dale _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
