Hi
In section 13.2 of the bis draft it is mentioned that "basic" and
"digest" authentication mechanisms offer authentication only, without
message integrity. In the digest authentication mechanism however, the
"entity-body" is signed when qop is auth-int. Though the SIP draft does not
specify what the entity body here means, I saw a mail in lists that said
that message-body and entity-body are synonymous in SIP. Is this correct ?
If yes, isn't digest authentication offering message integrity (for the
message body at least) ? Perhaps this needs to be made a little clearer in
the draft. Section 14.3 which contains SIP specific clarifications for
digest authentication might be appropriate for this.
Regards,
Binu
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
