Hello, comments inline.
On 03-01 10:17, Karsten Knüttel wrote:
Hi there,
In a REGISTER case there is a HeaderField AUTHORIZATION. The usual encryption algorithm is "MD5".
MD5 is used for hash computation, not for encryption.
Is it possible to REGISTER without any encryption?
There is no encryption used, the Authorization header field is used for authorization only, not for encryption.
Please give a statement if I understood everything right or correct me:
Digest Username => not encrypted; realm =>not encrypted; URI =>not encrypted;
Nonce => encrypted => is Password? Response => encrypted => what´s that?
Nonce is a string generated by the server, client uses the string to compute response.
Response is a string computed by the client, among other things, it is a hash of username, password and so on. The server then recalculates the response and if it is same, the user is authenticated.
regards, Jan.