0

I am reading about authentication protocols for SIP. I found that all protocols transfer the id/Username during the mutual authentication phase, directly with the message. Is it necessary to have the username/id directly in CHALLENGE-RESPONSE messages ? Why is anonymity in public channels is not considered in case of authentication for SIP ?
Why dynamic identity concept is not used in authentication for SIP ? is there any reason or we can use Dynamic identity instead of passing username/id ?

LearningC
  • 101

1 Answers1

0

SIP supports full encryption ot the communication channel if you need anonymity.

Stanislav Sinyagin
  • 263
  • 1
  • 8
  • I'm not sure this actually answers the question... or is accurate (since when does encryption provide anonymity?)... but I'm also not sure it's wrong or not an answer, so I'm just gonna leave this comment. – HopelessN00b Feb 06 '14 at 07:09
  • encryption provides privacy, not anonymity. The OP asks about the ways of authentication, so the user is still known to the server, but with encryption it's hidden from the sniffing man in the middle. – Stanislav Sinyagin Feb 06 '14 at 10:39
  • @StanislavSinyagin ok thanks. I am designing authentication protocol for SIP. So i found that most authentication protocols pass the id/username in REQUEST and RESPONSE messages. Is it a requirement of SIP specification to have the username as part of REQUEST or RESPONSE message ? or i can create a dynamic identity instead and pass it? whether will have that freedom? – LearningC Feb 07 '14 at 05:04
  • I'm afraid you have to get deeper into http://www.ietf.org/rfc/rfc3261.txt – Stanislav Sinyagin Feb 07 '14 at 09:07
  • ok. then you too cant be sure that dynamic identity can be used or not. ok anyway thanks for info. i checked that document already but dint go through much. ok i'll check it again. – LearningC Feb 07 '14 at 09:18