I actually gave up trying to this kind of checks on routed messages. Why? Not all phones behave the same way and some had problems when authentication (digest) was required for messages different than INVITE. For example, Kphone can resend an INV if challenged which contains the auth-data. On the other hand, if a kphone is the receiver of the INV, and it hangs up, kphone generates a BYE message which does NOT contain auth-data. Thus, ser will challlenge the kphone back, kphone will reply with a CANCEL and resend the BYE without (again) the auth-data, entering an endless loop. Ain't it funny? By the way ... i notified this to kphone developers ... no news :( I repeat, i tried other phones and it worked fine: minisip, polycom hardphone (has many other bugs ...), snom, ... But i agree with Juha (and this makes it twice this afternoon) ... you should authenticate them as you would with any other message. Try using a phone which supports TLS and then you are good to go :) Regards, Cesc _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers Unclassified