[asterisk-dev] asterisk sip authentication flawed?

[Jared Smith]

On 1/4/07, Kevin P. Fleming <kpfleming at digium.com> wrote:
> Well, I can think of a couple of comments... First, the way Asterisk
> does SIP authentication right now is far too complex and out of the
> 'spirit' of the RFCs anyway, so Olle is working on changing that.

I couldn't agree more.  See bug 8565 for another fun example of how
SIP authentication is broken in Asterisk.

-Jared