> On Fri, 2009-01-02 at 17:45 +0100, Johansson Olle E wrote: >> The UA could also, as you point out, send all headers at once to make it >> a quicker round-trip, but doing it that way would also expose the >> weaker MD5 hash which we want to avoid. > > We actually haven't resolved the question whether using MD5 *exposes* > your key. As far as I can tell, what's been shown is that *trusting* an > MD5 is not a good idea. But I'm not a crypto expert.
I'm not a crypto expert either but I think it is a good idea to be prepared to replace MD5 whenever we will have to do it. And as such a replacement takes time until it reaches the end user it would be better to start early. Just my 2 cents Nils _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
