[SIP Beyond VoIP] Sylkserver - authentication against an IMAP server
Bibo
bibo at ag-projects.com
Fri Apr 17 01:51:11 CEST 2020
Hello,
I leave some comments about the auth patches and their security:
> We totally agree that sending the plaintext password over ws is an inferior solution if you use SIP. Unfortunately, to implement any other authentication without even more changes, we need this. Therefore we create a configurable client and sylkrtc.js which by default sends ha1 but can be changed to send plain passwords. See patches sylkrtc-ha1-conditional.patch and sylk-webrtc-ha1-conditional.patch.
A solution using a clear-text password could be implemented
as long as it could be sent through TLS/SSL (according to RFC 2595).
In addition, it could be reinforced with an extra authentication mechanism,
for example, a clear-text password accompanied by a set of bytes as a challenge.
More specifically, it should be TLS/SSL version 1.3, be certain the cert does not expire,
and a reinforcement is strongly recommended, because of IMAP vulnerabilities.
Greetings!
Bibo.
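
Added example, not part of the original message or of the SylkServer patches: one way a server-side check could hand a clear-text password to an IMAP server only over a verified TLS 1.3 channel, as the message recommends. The function names, the 14-day warning threshold and the sample dates are assumptions; the challenge-based reinforcement is not covered.

```python
import imaplib
import logging
import ssl
import time

WARN_CERT_DAYS = 14  # assumed monitoring threshold, not taken from the message


def make_imap_tls_context(cafile=None):
    """Client context that verifies the server and refuses anything below TLS 1.3."""
    # create_default_context() enables CERT_REQUIRED and hostname checking,
    # so an expired or mismatched certificate already fails the handshake.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def cert_days_left(peer_cert, now=None):
    """Days until 'notAfter' in a dict as returned by SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(peer_cert["notAfter"]) - now) / 86400


def imap_password_ok(host, user, password, port=993, cafile=None):
    """True only if the IMAP server accepts the login over verified TLS 1.3."""
    ctx = make_imap_tls_context(cafile)
    try:
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=10)
    except (ssl.SSLError, OSError):
        # Old TLS version, bad or expired certificate, or server unreachable:
        # the password has not been sent at this point.
        return False
    try:
        days = cert_days_left(conn.sock.getpeercert())
        if days < WARN_CERT_DAYS:
            logging.warning("IMAP cert for %s expires in %.1f days", host, days)
        conn.login(user, password)  # clear text, but inside the TLS 1.3 channel
        return True
    except imaplib.IMAP4.error:
        return False  # server rejected the credentials
    finally:
        try:
            conn.logout()
        except (imaplib.IMAP4.error, OSError):
            pass
```
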