Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt

["Dale Worley" <dworley at nortel.com>]

        > You'll have to include in the hash a secret local key.
        Otherwise an
        > adversary can check a guessed correspondence between a Call-Id
        and a
        > Session-Id.
        
        Yup exactly - that's what I meant by not being "re-creatable",
        and why I included a system/node ID and MAC into the equation.
        Not really a secret local key per se - and maybe I should just
        say that instead in the draft.
        
If the system/node ID is not prescribed to be secret, the adversaries
will get ahold of it and be able to check the hashes.  But I see that in
-01, you've noted that it has to be secret.

Dale


_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip