...write an RFC :-) The MD5 is in the SIP RFC, and I've never seen anyone using SHA. Interoperability is a good thing. I guess everyone wants to move from basic digest auth to something more secure, like the RSA auth we have in IAX2. /Olle