The Digest authentication is based on RFC 2617, HTTP Basic and Digest Access Authentication. Our objective in this chapter is to show the basics of a system with Digest authentication. It is not an answer to all the possible security problems with SIP, but it is certainly a good method to protect names and passwords traversing the network. The following figure shows how digest authentication works:

The Digest scheme is a simple challenge-response mechanism. It challenges UA using a nonce value. A valid response includes a checksum of all the parameters. Thus, the password is never transmitted as simple text.