Re: [Sip] News article on CA impersonation attack

["Dale Worley" <dworley at nortel.com>]

On Tue, 2008-12-30 at 21:30 +0100, Johansson Olle E wrote:
> Also: How can we move away from MD5 digest auth?

The authentication headers all allow the algorithm to be specified, so
we can convert to SHA1 fairly straightforwardly.  But the current attack
benefits from the fact that one can spend hours synthesizing a
certificate.  I doubt one could attack a SIP session setup fast enough
to be useful with reasonably-priced hardware.  But that will come with
time...

Dale


_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip