
Re: AW: AW: AW: Digest Authentication: Security issue with https/sips



I think I agree with Miguel that the security of the RADIUS exchange is 
a somewhat orthogonal issue from the security of the SIP Digest exchange.

For example, the RADIUS exchange may occur over a different network than 
the SIP exchange, which may be more or less vulnerable.  Just because the 
SIP UA doesn't request TLS, or sends a registration request over a 
wireless network, does that mean there is no need to secure the 
RADIUS exchange?  Or because the SIP UA does request TLS, does that mean 
that it is also attempting to negotiate RADIUS security at the same time?

My recommendation would be to unlink the SIP and RADIUS exchanges.  If you 
want to recommend encryption to protect Digest attributes, that is OK, but 
I wouldn't mention SIP/SIPS exchanges in the same paragraphs and link them 
together.
