[asterisk-dev] [Code Review] SIP authentication support
mmichelson at digium.com
Wed Feb 13 09:14:53 CST 2013
On 02/13/2013 02:07 AM, Olle E. Johansson wrote:
> However, that quote answers my question about migrating to SHA256,
> even though I think there's a policy issue here - why would you want
> to offer a bad auth mech when you have a better. How should a client
> respond? I think there is work to be done here. Let's discuss that at
I think the idea behind offering multiple schemes is that a server may
support both MD5 and SHA256, but the client that is trying to
authenticate may only support MD5. Even though SHA256 is the better
scheme, the server also accepts MD5 for compatibility purposes.
If a client is presented with multiple schemes that it knows how to use,
then my thought is that the client should determine which scheme is
"strongest" and respond to that challenge only. We can discuss it more
at SIPit for sure. We just need to be sure to document what we come up
with on the wiki.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-dev