>> This is >> because the ua sends it's registration refresh unauthenticated. The >> registrar will then push back an authentication challenge request so the >> ua can prove its identity, at which point the ua then repeats the same >> transaction, but with authentication credentials attached. > >Why does it do that? Every time I do a debug, I see the first request >denied as unauthorized and then it always comes right back and gets
Welcome to HTTP Digest authentication. The request has to get challenged to get a new nonce from the server (so as to mitigate replay attacks). You could TLS and auth off of the client cert, except few devices support that, and you'd have the "overhead" of TCP (which is like bad or something). -Michael _______________________________________________ Freeswitch-users mailing list [email protected] http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
