[asterisk-dev] SIP authentication with SHA

Olle E Johansson oej at edvina.net
Sat Feb 11 03:38:06 MST 2006

Michael Prochaska wrote:
> Olle E. Johansson schrieb:
>> ...write an RFC :-)
> i don't think that this is necessary :-)
>> The MD5 is in the SIP RFC, and I've never seen anyone using SHA.
> no, md5 is NOT in the SIP RFC. HTTP digest authentication is not 
> automatically md5
You are right, the syntax in RFC3261 says MD5, MD5-sess or "token". All 
the examples use MD5 and I've seen no other implementation. The RFC is 
indeed a good example of a document that needs reading, re-reading and 
total re-re-reading many times... :-)

> and in the HTTP digest RFC there is md5 as example but SHA could also be 
> used.
> i think if asterisk would support HTTP digest with SHA it would be easy 
> to extend the UA's to support it too.

Well, produce a patch and we'll look at it. It makes me proud that you 
think that the Asterisk SIP channel will be trend-setting :-)


More information about the asterisk-dev mailing list