[Sip-security] Re: Digest AKA in IETF
Jari Arkko <jari.arkko@piuha.net> Fri, 19 April 2002 05:51 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA03028 for <sip-security-archive@odin.ietf.org>; Fri, 19 Apr 2002 01:51:58 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id BAA13365 for sip-security-archive@odin.ietf.org; Fri, 19 Apr 2002 01:51:58 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id BAA13293; Fri, 19 Apr 2002 01:49:37 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id BAA13256 for <sip-security@ns.ietf.org>; Fri, 19 Apr 2002 01:49:34 -0400 (EDT)
Received: from p2.piuha.net (p2.piuha.net [131.160.192.2]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA02970 for <sip-security@ietf.org>; Fri, 19 Apr 2002 01:49:33 -0400 (EDT)
Received: from piuha.net (p4.piuha.net [131.160.192.4]) by p2.piuha.net (Postfix) with ESMTP id 895206A905; Fri, 19 Apr 2002 08:49:22 +0300 (EEST)
Message-ID: <3CBFB009.9060908@piuha.net>
Date: Fri, 19 Apr 2002 08:50:01 +0300
From: Jari Arkko <jari.arkko@piuha.net>
Reply-To: jari.arkko@piuha.net
Organization: None
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011014
X-Accept-Language: en-us
MIME-Version: 1.0
To: Greg Rose <ggr@qualcomm.com>, sip-security@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Subject: [Sip-security] Re: Digest AKA in IETF
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
Content-Transfer-Encoding: 7bit
Greg Rose wrote: > The draft appears to allow "algorithm=AKAv1-MD5-sess", which would > implicitly allow reuse of the (possibly only 32-bit) RES in > the context of the password. As we have already discussed on this list, > that would be both > insecure and contrary to the intent of AKA. Unless there is an explicit > reason for inclusion of this option (other than allowing reuse of RES...) I > would limit AKA to be used only with MD5 and not MD5-sess. Yes, and thanks for pointing this out. There is no reason to support MD5-sess and MD5 should be sufficient. Jari _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] Re: Digest AKA in IETF Greg Rose
- [Sip-security] Re: Digest AKA in IETF Jari Arkko