[VOIPSEC] MD5 digests and rogue SSL certs - Re: Anyone at the 25th Chaos Communications Congress in Berlin and interested in doing some writeups for the VOIPSA blog?

[Johansson Olle E]

30 dec 2008 kl. 17.54 skrev Dan York:

> Olle,
>
> On Dec 30, 2008, at 11:20 AM, Johansson Olle E wrote:
>
>> I just heard that a group was using vulnerabilities in MD5 to crack  
>> SSL by using rogue certificates.
>
> Yes, I saw tweets from http://twitter.com/security4all that were  
> talking about this presentation (I assume) as it was occurring.  
> Sounded quite interesting (and scary).
>
>> It's really high time to move away from MD5 digests in SIP - the  
>> problem is how to use another algorithm in the HTTP digest  
>> challenge/response. And using SSL with certificates ... let's wait  
>> and see...
>
>
> Right... and the fact still remains that many folks are using SIP  
> out there *without* digest authentication anyway. (It would be  
> interesting to try to gather stats on the usage - or not - of  
> various forms of authentication in SIP.)

Yes, many old-bell-type carriers trust IP address as authentication  
and don't support even the digest auth...

The question remains: How can we in the SIP protocol support switching  
to SHA digest auth?

The digest headers support specifying algorithm, but there's no  
implementation out there or documentation on error codes.
What if my SIP server sends me a challenge with SHA digeset and I  
don't support it?
Can we send two challenges in one reply, one with MD5 and one with SHA?

Do we want to have any support for this kind of "kind" upgrade? I  
mean, if you really want SHA auth for your server, you don't want to  
support MD5 at all. Period.

Food for thought while preparing for The New Year.

Happy New Year everyone!

/O