[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sip-implementors
Subject:    Re: [Sip-implementors] REGISTER request with WWW-Authenticate
From:       Brett Tate <brett () broadsoft ! com>
Date:       2009-03-24 13:59:11
Message-ID: 9B2A061A1137254BBE4F4B2CD843646A10BFF48FDC () mbx02 ! citservers ! local
[Download RAW message or body]

> It seems they are using WWW-Authenticate header as means to 
> exchange the nonces, so that the subsequent messages when 
> challenged will use the one advertised in the REGISTER 
> through WWW-Authenticate header field.

I don't fully understand the sentence; however it sounds like you/they might be \
attempting to cache pre-allocated credentials across dialogs.  You and/or they should \
read RFC 3261 sections 22.2-3.

If the registrar is acting as a user-agent, caching across dialogs might be allowed \
(although debatable and not as you indicated).  "UAs MAY cache credentials in any way \
they would like."  

It is debatable because sometimes "credentials" includes nonce within meaning and \
sometimes it doesn't.

The following is what section 22.3 indicates concerning Proxy-to-User authentication: \
"These credentials MUST NOT be cached across dialogs; however, if a UA is configured \
with the realm of its local outbound proxy, when one exists, then the UA MAY cache \
credentials for that realm across dialogs."


[prev in list] [next in list] [prev in thread] [next in thread]