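@techreport{undery-sip-auth-01,
  author      = {Undery, James and Sen, Sanjoy and Torvinen, Vesa},
  title       = {Enhanced Usage of {HTTP} Digest Authentication for {SIP}},
  number      = {draft-undery-sip-auth-01},
  type        = {Internet-Draft},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2002,
  month       = jun,
  day         = 14,
  pagetotal   = 7,
  url         = {https://datatracker.ietf.org/doc/draft-undery-sip-auth/01/},
  note        = {Work in Progress},
  abstract    = {HTTP Digest has some shortcomings if applied for SIP. Firstly, SIP UA has serious difficulties to distinguish the source of Authentication-Info and Proxy-Authentication-Info headers in SIP forking situations. This is due to the absence of the ‘realm’ parameter in these headers. Secondly, HTTP authentication is particularly vulnerable against MITM bid-down attacks on the list of algorithms (e.g., MD-5, SHA-1) or the desired security level (auth, auth-int). Thirdly, HTTP authentication provides limited integrity protection of only the message body. In SIP, important information can be carried in many of the headers that may need integrity protection. This draft proposes to add the realm parameter in the *- Authentication-Info headers, recommends a format for computing the nonce for detection of bid-down attack and proposes a mechanism for integrity protection of SIP headers using MIME body.},
}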