On 05/05/2011 08:21 AM, Olle E. Johansson wrote:
Because they HAVE TO. In the 401/407 reply, there's a challenge (nonce) which is an important part of the MD5 Digest Auth scheme.
I meant more to contrast with how some UACs will attempt to re-cycle old Authorization credentials in re-registrations and so on.
The password is NOT encrypted. It's is used as the basis of a textstring you calculate a hash from. That's very different :-)
I know. I was trying to keep it simple for the OP.
I would say it may call for SIP with TLS client authentication - regardless if you need encryption or not...
On this point of view we may differ. -- Alex Balashov - Principal Evariste Systems LLC 260 Peachtree Street NW Suite 2200 Atlanta, GA 30303 Tel: +1-678-954-0670 Fax: +1-404-961-1892 Web: http://www.evaristesys.com/ -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
