Anyone have any idea why?
From RFC 3261
RFC 3261 SIP: Session Initiation Protocol June 2002
A WWW-Authenticate header field value contains an authentication
challenge. See Section 22.2 for further details on its usage.
WWW-Authenticate: Digest realm="atlanta.com",
opaque="", stale=FALSE, algorithm=MD5
21 Response Codes
The response codes are consistent with, and extend, HTTP/1.1 response
codes. Not all HTTP/1.1 response codes are appropriate, and only
those that are appropriate are given here. Other HTTP/1.1 response
codes SHOULD NOT be used. Also, SIP defines a new class, 6xx.
21.4.2 401 Unauthorized
The request requires user authentication. This response is issued by
UASs and registrars, while 407 (Proxy Authentication Required) is
used by proxy servers.
22.2 User-to-User Authentication
When a UAS receives a request from a UAC, the UAS MAY authenticate
the originator before the request is processed. If no credentials
(in the Authorization header field) are provided in the request, the
UAS can challenge the originator to provide credentials by rejecting
the request with a 401 (Unauthorized) status code.
The WWW-Authenticate response-header field MUST be included in 401
(Unauthorized) response messages. The field value consists of at
least one challenge that indicates the authentication scheme(s) and
parameters applicable to the realm.
An example of the WWW-Authenticate header field in a 401 challenge
When the originating UAC receives the 401 (Unauthorized), it SHOULD,
if it is able, re-originate the request with the proper credentials.
The UAC may require input from the originating user before
proceeding. Once authentication credentials have been supplied
(either directly by the user, or discovered in an internal keyring),
UAs SHOULD cache the credentials for a given value of the To header
field and "realm" and attempt to re-use these values on the next
request for that destination. UAs MAY cache credentials in any way
they would like."