Nokia and Ericsson (and others) have authored an rfc3329 on authentication which is now a proposed standard.
Has anyone done any work on this authentication method yet? It seems that some new (mobile) UA devices will require a sec-agree handshake and will refuse to register if there is no sec-agree response.