Enhanced Usage of HTTP Digest Authentication for SIP
draft-undery-sip-auth-01
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | James Undery , Sanjoy Sen , Vesa Torvinen | ||
Last updated | 2002-06-14 | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
HTTP Digest has some shortcomings if applied for SIP. Firstly, SIP UA has serious difficulties to distinguish the source of Authentication-Info and Proxy-Authentication-Info headers in SIP forking situations. This is due to the absence of the ‘realm’ parameter in these headers. Secondly, HTTP authentication is particularly vulnerable against MITM bid-down attacks on the list of algorithms (e.g., MD-5, SHA-1) or the desired security level (auth, auth-int). Thirdly, HTTP authentication provides limited integrity protection of only the message body. In SIP, important information can be carried in many of the headers that may need integrity protection. This draft proposes to add the realm parameter in the *- Authentication-Info headers, recommends a format for computing the nonce for detection of bid-down attack and proposes a mechanism for integrity protection of SIP headers using MIME body.
Authors
James Undery
Sanjoy Sen
Vesa Torvinen
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)