On Mar 26, 2008, at 12:16 PM, Paul Hoffman wrote:
>
> - The document incorrectly talks about Digest authentication as the
> only way that a SIP server running TLS can authenticate a client.
> Basic authentication is just as good in such a case, and has many
> properties that make it better than Digest when used under TLS. The
> document should only talk about HTTP authentication, not Digest or
> Basic.

The argument here is that basic was explicitly deprecated in RFC 3261. Many people feel that this was a mistake, but that's what we have to work with. RFC 3261 even explicitly says (in Section 22):

> Note that due to its weak security, the usage of "Basic"
> authentication has been deprecated. Servers MUST NOT accept
> credentials using the "Basic" authorization scheme, and servers also
> MUST NOT challenge with "Basic". This is a change from RFC 2543.

-- Dean
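
Added example, not part of the original message or of any SIP implementation: a Python check for the RFC 3261 Section 22 rule quoted above, flagging "Basic" credentials in requests and "Basic" challenges in responses. The sample messages and function names are constructed for illustration, and only the first scheme in each header field value is inspected.

```python
import re

CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}   # in requests
CHALLENGE_HEADERS = {"www-authenticate", "proxy-authenticate"}  # in responses

# Constructed sample messages (not captured traffic); the first folds its header.
REGISTER_BASIC = ("REGISTER sip:example.com SIP/2.0\r\n"
                  "Authorization: Basic\r\n YWxpY2U6c2VjcmV0\r\n\r\n")
CHALLENGE_BASIC = ("SIP/2.0 401 Unauthorized\r\n"
                   'WWW-Authenticate: BASIC realm="example.com"\r\n\r\n')
CHALLENGE_DIGEST = ("SIP/2.0 401 Unauthorized\r\n"
                    'WWW-Authenticate: Digest realm="example.com", nonce="abc"\r\n\r\n')


def parse_headers(message):
    """Return (start_line, [(lowercased_name, value), ...]).

    Continuation lines (starting with SP or HTAB) are unfolded so a scheme
    split across lines is still seen; parsing stops at the blank line.
    """
    head = re.split(r"\r?\n\r?\n", message, maxsplit=1)[0]
    lines = re.split(r"\r?\n", head)
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, (value + " " + line.strip()).strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def basic_scheme_violations(message):
    """List uses of the "Basic" scheme that RFC 3261 Section 22 forbids."""
    start_line, headers = parse_headers(message)
    is_response = start_line.upper().startswith("SIP/")
    findings = []
    for name, value in headers:
        # Scheme names are case-insensitive, so compare in lower case.
        scheme = value.split(None, 1)[0].lower() if value else ""
        if scheme != "basic":
            continue
        if name in CREDENTIAL_HEADERS and not is_response:
            findings.append((name, "reject: credentials use Basic"))
        elif name in CHALLENGE_HEADERS and is_response:
            findings.append((name, "invalid: challenge offers Basic"))
    return findings
```
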
