The mechanism and algorithm for SIP authorization is taken from http://www.ietf.org/rfc/rfc2617.txt There is an algorithm parameter which is normally set to "md5". I would've thought this could be changed to something else.
Only problem then might be interop! If the server can't do "sha1", is there a way for it to indicate that it failed due to an unsupported algorithm? Is there a way to indicate that it can only do md5 in the hashing response? Regards Attila -----Original Message----- From: [email protected] on behalf of Kevin P. Fleming Sent: Wed 23/03/2011 18:47 To: [email protected] Subject: Re: [Sip-implementors] about md5() On 03/23/2011 05:04 AM, Olle E. Johansson wrote: > > 23 mar 2011 kl. 10.48 skrev pranab sahoo: > >> Hi All >> Thanks all of you providing a platform to clarify sip doubts >> >> can we use any other algorithm than md5 during registration process? >> >> > http digest auth with MD5 is the current implementation - even though many of > us believe we should move to SHAx. What is required for that to become an option? It looks like the language in RFC 3261 really wasn't written to provide an easy method to make additional digest algorithms available. If that means that doing so would require revising RFC 3261 itself... that seems like a completely impractical task :-) -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: [email protected] | SIP: [email protected] | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
