24 Mar
2004
24 Mar
'04
7:26 p.m.
--On 24 March 2004 10:27 -0800 Tom tom@sdf.com wrote:
DIGEST SIP security. How does this work?
Short answer: almost identically to HTTP authentication. IE a SIP request is sent, server replies with "authentication required" plus a a number (the challenge), the UA responds with a response containing a DIGEST calculation of the number, and the password. The SIP server then compares the digest response with its calculated digest based on the number plus the password. If they are equal, it grants access.
Long answer: read the RFCs
Alex