25 Mar
2004
25 Mar
'04
1:53 p.m.
The problem is that SIP authentication only supports:
caller - callee
caller - proxy
but it does not support proxy - callee, which would be necessary for
authentication against a gateway. This can be solved using TLS betwenn
proxy and gateway and trust every request which cames along the TLS
connection.
Klaus
Alex Bligh wrote:
--On 24 March 2004 10:27 -0800 Tom <tom(a)sdf.com> wrote:
DIGEST SIP security.
How does this work?
Short answer: almost identically to HTTP authentication. IE a SIP request
is sent, server replies with "authentication required" plus a a number (the
challenge), the UA responds with a response containing a DIGEST calculation
of the number, and the password. The SIP server then compares the digest
response with its calculated digest based on the number plus the password.
If they are equal, it grants access.
Long answer: read the RFCs
Alex