[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Enrollment in SIP services (and should we undeprecatebasic auth)

To: Robert Sparks <rsparks@dynamicsoft.com>
Subject: Re: [Sip] Enrollment in SIP services (and should we undeprecatebasic auth)
From: Michael Thomas <mat@cisco.com>
Date: Sun, 29 Dec 2002 17:23:17 -0800 (PST)
Cc: Jonathan Rosenberg <jdrosen@dynamicsoft.com>, Cullen Jennings <fluffy@cisco.com>, sip@ietf.org
In-reply-to: <1040415671.949.161.camel@RjS.localdomain>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=unsubscribe>
References: <004401c2a85e$99855700$618d6b80@amer.cisco.com><3E0375E7.1080608@dynamicsoft.com><1040415671.949.161.camel@RjS.localdomain>
Sender: sip-admin@ietf.org

Robert Sparks writes:
 > I see no value at all to resurrecting BASIC.
 > 
 > If you are wanting to provide a shared secret and punt all of the
 > security responsibilities to the transport layer, then express that
 > secret in its native form (plaintext for a password). Anything else
 > you do wastes cycles and encourages people to make bad assumptions
 > about the level of protection they are getting (increasing the risk
 > that it would get foolishly used outside the environment you intended
 > to punt to).

Er, that's what basic does. The reason that the
password is in uuencode format is, I'd assume, to
provide the ability to ship binary passwords, not
security through obscurity.

		 Mike
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

References:
- [Sip] Enrollment in SIP services (and should we undeprecate basic auth)
  - From: Cullen Jennings
- Re: [Sip] Enrollment in SIP services (and should we undeprecate basicauth)
  - From: Jonathan Rosenberg
- Re: [Sip] Enrollment in SIP services (and should we undeprecatebasic auth)
  - From: Robert Sparks

Prev by Date: [Sip] Loop detection; Not a bad thing to have
Next by Date: [Sip] resource reservation
Previous by thread: Re: [Sip] Enrollment in SIP services (and should we undeprecatebasic auth)
Next by thread: Re: [Sip] Enrollment in SIP services (and should we undeprecatebasic auth)
Index(es):
- Date
- Thread