On 2 Jan 2009, at 16:34, Dale Worley wrote:

On Tue, 2008-12-30 at 21:30 +0100, Johansson Olle E wrote:
Also: How can we move away from MD5 digest auth?

The authentication headers all allow the algorithm to be specified, so
we can convert to SHA1 fairly straightforwardly. But the current attack
benefits from the fact that one can spend hours synthesizing a
certificate.  I doubt one could attack a SIP session setup fast enough
to be useful with reasonably-priced hardware.  But that will come with
time...

We need some implementation guidelines for doing this. How do we
respond to an MD5 auth request we don't accept?

If, for some strange reason, I want to support both old MD5 UAs and
new SHAx UAs - how do I indicate both?

We probably need some test code and test scenarios here.

/O
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
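
An added example, not part of the thread and not code from any SIP implementation: the RFC 2617 request-digest computed with the hash selected by the challenge's `algorithm` parameter, plus one possible UA-side policy for choosing among several challenges or accepting none. The `SHA-256` token, the preference list and the sample challenges are assumptions made for illustration; the MD5 input values are those of the RFC 2617 example.

```python
import hashlib

# Algorithm tokens mapped to hash constructors. "MD5" is the RFC 2617 token;
# "SHA-256" is an assumed token for a stronger hash (not named in the thread).
HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}
PREFERENCE = ["SHA-256", "MD5"]  # strongest first; assumed UA policy

# Constructed sample: a server offering one challenge per algorithm.
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
CHALLENGES = [
    f'Digest realm="testrealm@host.com", qop="auth", algorithm=SHA-256, nonce="{NONCE}"',
    f'Digest realm="testrealm@host.com", qop="auth", nonce="{NONCE}"',
]


def parse_challenge(value):
    """Parse 'Digest k="v", k2=v2' into a dict (assumes no commas in values)."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    params = {}
    for item in rest.split(","):
        key, _, val = item.strip().partition("=")
        params[key.lower()] = val.strip('"')
    return params


def pick_challenge(challenges, allowed=PREFERENCE):
    """Return (algorithm, params) for the most preferred algorithm, or None."""
    by_alg = {}
    for c in map(parse_challenge, challenges):
        # RFC 2617: a challenge without an algorithm parameter means MD5.
        by_alg.setdefault(c.get("algorithm", "MD5").upper(), c)
    for alg in allowed:
        if alg in by_alg:
            return alg, by_alg[alg]
    return None  # nothing acceptable was offered: do not answer the challenge


def digest_response(alg, user, password, method, uri, ch, nc=None, cnonce=None):
    """RFC 2617 request-digest, hashed with the function named by alg."""
    def h(s):
        return HASHES[alg](s.encode()).hexdigest()
    ha1 = h(f"{user}:{ch['realm']}:{password}")
    ha2 = h(f"{method}:{uri}")
    if ch.get("qop") == "auth":
        return h(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return h(f"{ha1}:{ch['nonce']}:{ha2}")
```

A UA that refuses MD5 calls `pick_challenge(challenges, allowed=["SHA-256"])` and gets `None` when only MD5 is offered.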
