[prev in list] [next in list] [prev in thread] [next in thread]
List: sip-implementors
Subject: Re: [Sip-implementors] REGISTER request with WWW-Authenticate
From: Brett Tate <brett () broadsoft ! com>
Date: 2009-03-24 13:59:11
Message-ID: 9B2A061A1137254BBE4F4B2CD843646A10BFF48FDC () mbx02 ! citservers ! local
[Download RAW message or body]
> It seems they are using WWW-Authenticate header as means to
> exchange the nonces, so that the subsequent messages when
> challenged will use the one advertised in the REGISTER
> through WWW-Authenticate header field.
I don't fully understand the sentence; however it sounds like you/they might be \
attempting to cache pre-allocated credentials across dialogs. You and/or they should \
read RFC 3261 sections 22.2-3.
If the registrar is acting as a user-agent, caching across dialogs might be allowed \
(although debatable and not as you indicated). "UAs MAY cache credentials in any way \
they would like."
It is debatable because sometimes "credentials" includes nonce within meaning and \
sometimes it doesn't.
The following is what section 22.3 indicates concerning Proxy-to-User authentication: \
"These credentials MUST NOT be cached across dialogs; however, if a UA is configured \
with the realm of its local outbound proxy, when one exists, then the UA MAY cache \
credentials for that realm across dialogs."
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic