[asterisk-users] Asterisk encrypted authentication for clients

Pete Mundy pete at fiberphone.co.nz
Thu Oct 29 23:18:42 CDT 2015


Isn't this why digest authentication (ie the nonce[1]) is part of the standard SIP auth handshake?

Ie, why do you think the password is not already encrypted?


[1] https://andrewjprokop.wordpress.com/2015/01/27/understanding-sip-authentication/
(paragraph starting 'Take a look at the Proxy-Authenticate header and you will see a Nonce parameter')

On 30/10/2015, at 10:01 AM, Motty <motty.cruz at gmail.com> wrote:

> Thanks Jeff, 
> I don't want SIP over TLS. I would like to encrypt password only, I suppose over TLS.
> On 10/29/2015 01:11 PM, Jeff LaCoursiere wrote:
>> You want SIP over TLS.  That encrypts the signalling.  SRTP and ZRTP encrypt the actual voice traffic.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20151030/7ec9fd57/attachment.html>

More information about the asterisk-users mailing list