[Kamailio-Devel] nonce checking in auth module

Johansson Olle E oej at edvina.net
Tue Aug 5 18:37:32 CEST 2008


On 5 Aug 2008, at 18:19, Daniel-Constantin Mierla wrote:

> I am not sure how many followed the evolution of the auth module
> during this development cycle. So I am going to present the situation
> shortly. Starting with revision 4294, the auth module is doing nonce
> reuse checking.
>
> http://openser.svn.sourceforge.net/viewvc/openser?view=rev&revision=4294
>
> The improvement is very good from a security point of view but will
> have a performance impact. The issue I am seeing is the inability to
> control this feature via a parameter, so it will be done all the time.
> I don't know if it is only me, but I am using in some setups short
> registration time to ensure that pinholes in the NAT routers. Re-usage
> of the nonce was good as registrations were not challenged for the
> nonce expiration time (this is controlled by a module parameter), not
> loading that much the server.
>
> Might be late now, but my question is, does someone else see a good
> thing in the ability to control nonce re-usage checking via module
> parameter?

I think that this has to be configurable, to be able to set the level
of security you want. In some cases, I can think of situations where
I don't want any nonce-reuse at all, I want a fresh challenge for
every transaction.

Nonce-reuse also implies QOP - does Kamailio have full support for
that?

/O
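
Added example, not part of either post and not Kamailio's auth module code: a sketch of the three nonce policies the thread talks about (unchecked reuse until expiry, reuse tracked through the digest nonce count "nc" that qop=auth carries, and one nonce per transaction). All names are hypothetical, the sample values are constructed, and the digest response is assumed to have been verified already.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical names throughout; not Kamailio's auth module code. */
enum nonce_policy { REUSE_UNCHECKED, REUSE_WITH_NC, ONE_TIME };
enum verdict { ACCEPT, CHALLENGE_STALE, REJECT_REPLAY };

struct nonce_entry {
    char     nonce[33];  /* value the server issued */
    time_t   expires;    /* nonce expiration time */
    uint32_t last_nc;    /* highest nonce count seen, 0 = never used */
};

/* Decide what to do with a request whose digest response already verified. */
enum verdict check_nonce(struct nonce_entry *e, const char *nonce,
                         uint32_t nc, time_t now, enum nonce_policy p)
{
    if (strcmp(e->nonce, nonce) != 0 || now >= e->expires)
        return CHALLENGE_STALE;       /* unknown or expired: re-challenge */

    switch (p) {
    case REUSE_UNCHECKED:             /* any reuse until expiry, cheapest */
        return ACCEPT;
    case REUSE_WITH_NC:               /* qop=auth: nc must strictly increase */
        if (nc == 0 || nc <= e->last_nc)
            return REJECT_REPLAY;     /* same or older count: replayed request */
        e->last_nc = nc;
        return ACCEPT;
    case ONE_TIME:                    /* fresh challenge for every transaction */
        if (e->last_nc != 0)
            return CHALLENGE_STALE;
        e->last_nc = nc ? nc : 1;
        return ACCEPT;
    }
    return REJECT_REPLAY;
}

int main(void)
{
    struct nonce_entry e = { "constructed-nonce", 1000, 0 };  /* sample data */
    printf("first use:  %d\n", check_nonce(&e, e.nonce, 1, 10, REUSE_WITH_NC));
    printf("replay:     %d\n", check_nonce(&e, e.nonce, 1, 11, REUSE_WITH_NC));
    printf("next count: %d\n", check_nonce(&e, e.nonce, 2, 12, REUSE_WITH_NC));
    return 0;
}
```

With REUSE_UNCHECKED a captured request is accepted again until the nonce expires, which is the load saving described in the quoted message; the other two modes trade that for per-nonce state on the server.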