Le 23 avr. 2014 à 09:50, Daniel-Constantin Mierla <mico...@gmail.com> a écrit :

> However, SIP RFC enforces www digest authentication and it is what all the 
> phones I am aware of in the wild support now.

Thanks for all this informations.

That explain me why all SIP product I see on the market have this really big 
issue of requiring a distinct PIN code for SIP account.

As a sys admin who maintain a unique identity for all enterprise services, it’s 
hard to accept to make an exception for SIP…

I don’t understand how it's possible to end up on a RFC like that…

The good point for me is, on OS X Server, I’ve a private API who can provide me 
DIGEST challenge, so something is possible. But for my FreeBSD based server, 
I’m stuck…



TLS authentication is harder to deploy in SMB. That mean a internal CA and a 
overhead to ensure that each client certificate are well secured.


The solution of BASIC authentication over TLS connection (with certificate only 
on the server) is widely used by HTTPS based software or event e-mail protocols 
to allow add-on services to be connected to existing directory services without 
requiring access to clear text password.


Cheers,
Yoann

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to