Hi, What I would make explicit is that sending H(A1) without encryption is not much better than sending the password in the clear. i.e. you've still provided someone snooping the traffic all they need to authenticate any message they choose.
James -----Original Message----- From: Arunachalam Venkatraman [mailto:arunvenk@;cisco.com] Sent: 05 November 2002 15:22 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Sip-implementors] LDAP servers and SIP Authentication Ranjit I am not sure I understand your question. If you want to send passwords securely on an unsecured network, you must use some encryption mechanism. For MD5 digest authentication, the algorithm does not require knowledge of the password, if H(A1) is known. Thanks Venkat _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
