[Sip-security] Re: [Sipping] SIP authentication problem when using RES in Digest-AKA
Jari Arkko <jarkko@piuha.net> Fri, 15 March 2002 06:17 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA13890 for <sip-security-archive@odin.ietf.org>; Fri, 15 Mar 2002 01:17:33 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id BAA19676 for sip-security-archive@odin.ietf.org; Fri, 15 Mar 2002 01:17:33 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id BAA18473; Fri, 15 Mar 2002 01:15:31 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id BAA18357 for <sip-security@optimus.ietf.org>; Fri, 15 Mar 2002 01:15:19 -0500 (EST)
Received: from fep02-app.kolumbus.fi (fep02-0.kolumbus.fi [193.229.0.44]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA13867; Fri, 15 Mar 2002 01:15:16 -0500 (EST)
Received: from piuha.net ([62.248.153.197]) by fep02-app.kolumbus.fi with ESMTP id <20020315061516.SMKI12987.fep02-app.kolumbus.fi@piuha.net>; Fri, 15 Mar 2002 08:15:16 +0200
Message-ID: <3C9191C9.3000507@piuha.net>
Date: Fri, 15 Mar 2002 08:16:41 +0200
From: Jari Arkko <jarkko@piuha.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011014
X-Accept-Language: en-us
MIME-Version: 1.0
To: John W Noerenberg II <jwn2@qualcomm.com>
CC: sipping@ietf.org, sip-security@ietf.org, Greg Rose <ggr@qualcomm.com>, aki.niemi@nokia.com, jari.arkko@ericsson.com, vesa.torvinen@ericsson.fi, James Undery <jundery@ubiquity.net>, Sanjoy Sen <sanjoy@nortelnetworks.com>
References: <B8B673A9.9436%gparsons@nortelnetworks.com> <a0510151db8b6de3d1fb1@[129.46.77.186]>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Subject: [Sip-security] Re: [Sipping] SIP authentication problem when using RES in Digest-AKA
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
Content-Transfer-Encoding: 7bit
John, Greg, Thanks for an interesting describing this interesting attack! I believe while making draft-niemi the authors have been assuming that we do not use the GSM compatibility mode (which I believe is the reason why the RES could be only 32 bits). That is, when full AKA is used this isn't a problem. So, we could either (1) Require the full use of AKA (2) Switch to using IK and not RES as input in the Digest process Greg, is the IK free of similar limitations when GSM compatibility is used? Jari _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] SIP authentication problem when us… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] [Sipping] RE: SIP authentication p… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… James Undery
- [Sip-security] Re: [Sipping] Re: SIP authenticati… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… John W Noerenberg II
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko