3.1.12 Digest Challenge Extension

This protocol does not use the Shared Secret authentication mechanism specified in [IETFDRAFT-TURN-08] sections 7.1 and 8.2. Instead, it uses long-term credentials that consist of a user name and password that are pre-configured on the protocol client. The TURN server MUST be able to verify the user name and discover the associated password. These credentials are used in place of the short-term shared secrets specified in [IETFDRAFT-TURN-08] section 7.2.2. The Allocate request and Allocate error response messages have been extended to use long-term credentials in a digest challenge and response exchange. These messages are used in the following procedure:

  1. The protocol client MUST form an initial Allocate request message, as specified in section 3.2.4.1, and send it to the TURN server.

  2. Upon receiving an Allocate request message, the TURN server processes it as specified in section 3.3.5.1, sending an Allocate error response message to the protocol client.

  3. When the protocol client receives the Allocate error response message, it processes it as specified in section 3.2.5.2, sending a second Allocate request message to the TURN server.

  4. Upon receiving the second Allocate request message, the TURN server processes it as specified in section 3.3.5.1, sending either an Allocate response message or an Allocate error response message to the protocol client.

  5. If the protocol client receives an Allocate response message, it processes it as specified in section 3.2.5.1. If the protocol client receives an Allocate error response message, it processes it as specified in section 3.2.5.2.
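The five-step exchange above, modeled from both sides as an added example (not part of the specification): the server challenges the first Allocate request, then verifies the second one against the stored long-term credential. Assumptions: messages are Python dicts rather than the wire format, the key derivation is borrowed from RFC 5389's long-term credential mechanism, nonces are single-use, and the names USERS, REALM, "reason" and both function names are hypothetical.

```python
import hashlib, hmac, os

USERS = {"alice": "correct horse"}  # constructed credential store
REALM = "example.test"              # constructed realm
NONCES = set()                      # challenges issued and not yet answered

def long_term_key(user, realm, password):
    # Assumption: RFC 5389 long-term key, MD5(user ":" realm ":" password).
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()

def integrity(key, user, realm, nonce):
    # Assumption: HMAC-SHA1 over simplified fields, not the real wire encoding.
    msg = b"|".join([user.encode(), realm.encode(), nonce])
    return hmac.new(key, msg, hashlib.sha1).digest()

def server_allocate(req):
    """Steps 2 and 4: challenge a bare request, verify an authenticated one."""
    if "integrity" not in req:
        nonce = os.urandom(16)
        NONCES.add(nonce)
        return {"type": "error", "reason": "challenge",
                "realm": REALM, "nonce": nonce}
    user, nonce = req.get("user", ""), req.get("nonce", b"")
    fresh = nonce in NONCES
    NONCES.discard(nonce)  # assumption: single use, so a captured request fails on replay
    # Compute the MAC even for unknown users so both paths do the same work.
    key = long_term_key(user, REALM, USERS.get(user, ""))
    ok = hmac.compare_digest(integrity(key, user, REALM, nonce), req["integrity"])
    if fresh and ok and user in USERS:
        return {"type": "success"}
    return {"type": "error", "reason": "rejected"}

def client_allocate(user, password, server=server_allocate):
    """Steps 1, 3 and 5: returns the final message the client receives."""
    resp = server({"method": "Allocate"})                       # step 1
    if resp["type"] != "error" or resp.get("reason") != "challenge":
        return resp
    realm, nonce = resp["realm"], resp["nonce"]                 # step 3
    key = long_term_key(user, realm, password)
    second = {"method": "Allocate", "user": user, "realm": realm, "nonce": nonce,
              "integrity": integrity(key, user, realm, nonce)}
    return server(second)                                       # steps 4 and 5

if __name__ == "__main__":
    print(client_allocate("alice", "correct horse"))
    print(client_allocate("alice", "wrong password"))
```
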