| Summary: |
The HTTP Digest algorithm, specified in RFC 2617,
allows for authentication of a request, along with integrity checks
over the method, request URI, and, optionally, the body. HTTP Digest is
the primary client authentication mechanism used by SIP. However,
Digest does not provide for integrity checks over several key SIP
headers, including the To, From, Call-ID and Contact headers. We
define a mechanism for supporting integrity over these headers, using
a new algorithm we call predictive nonces. The mechanism requires no
changes in clients, and no protocol changes. It requires only a change
in the way the nonce is computed by servers.
|
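One way a server could bind its nonce to the To, From, Call-ID and Contact headers, shown as an added example that is not code from the summarized document. The summary does not give the construction, so HMAC-SHA256, the `timestamp:mac` nonce layout, the 60-second lifetime, the sample request and all names are assumptions.

```python
import hashlib
import hmac
import time

# Assumptions (not from the summary): HMAC-SHA256, "timestamp:mac" layout,
# 60 s lifetime, and every name in this block.
SERVER_KEY = b"constructed-demo-key"  # constructed; use a random secret in practice
NONCE_LIFETIME = 60
PROTECTED = ("To", "From", "Call-ID", "Contact")

# Constructed sample request headers.
REQUEST = {
    "To": "<sip:bob@example.com>",
    "From": "<sip:alice@example.com>;tag=1928301774",
    "Call-ID": "a84b4c76e66710@pc33.example.com",
    "Contact": "<sip:alice@pc33.example.com>",
}


def _mac(headers, ts):
    # Length-prefix each value so adjacent fields cannot be shifted into each other.
    h = hmac.new(SERVER_KEY, str(ts).encode(), hashlib.sha256)
    for name in PROTECTED:
        value = headers.get(name, "").strip().encode()
        h.update(len(value).to_bytes(4, "big") + value)
    return h.hexdigest()


def issue_nonce(headers, now=None):
    """Nonce for the challenge, predicting the retry repeats these headers."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_mac(headers, ts)}"


def check_nonce(nonce, headers, now=None):
    """Return 'ok', 'stale' or 'mismatch' for the nonce echoed in the retry."""
    now = int(time.time() if now is None else now)
    ts_text, _, mac = nonce.partition(":")
    if not (ts_text.isascii() and ts_text.isdigit()):
        return "mismatch"
    ts = int(ts_text)
    # Recompute from the headers actually received; constant-time compare.
    if not hmac.compare_digest(mac.encode(), _mac(headers, ts).encode()):
        return "mismatch"
    if not 0 <= now - ts <= NONCE_LIFETIME:
        return "stale"
    return "ok"
```

The client treats the nonce as opaque and feeds it into the ordinary Digest response. A retry whose protected headers were altered in transit fails the nonce check, and a nonce obtained for different headers no longer matches the client's response.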