[OpenSER-Users] Digest Authentication and nonce count

Klaus Darilion klaus.mailinglists at pernau.at
Mon Nov 12 14:45:13 CET 2007



Daniel-Constantin Mierla schrieb:
> Hello,
> 
> On 11/12/07 13:49, Klaus Darilion wrote:
>> Hi!
>>
>> the ..._challenge() functions support adding the qop=auth to the 
>> challenge.
>>
>> This will cause the SIP client to use the nonce count in the digest 
>> response. Is this nonce count actually used in openser?
> it is used :-), but maybe not strictly as standards says. You are right, 


Thus, currently there is no security benefit of using qop=auth - correct?

regards
klaus


> should be some stateful handling, right now it just accepts it and uses 
> to compute the digest response.
> 
> Cheers,
> Daniel
> 
>>  I guess this would require stateful handling of nonce and nonce-count.
>>
>> regards
>> klaus
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>
>>   




More information about the sr-users mailing list