Moving response to an old question on sip to sip-implementors. > -----Original Message----- > From: Vijay Gurbani [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 16, 2001 11:31 AM > To: Vijeth D > Cc: [EMAIL PROTECTED] > Subject: Re: [SIP] OPTIONS request > > > Vijeth D wrote: > > > > Hi, > > If I am a UAS and i recieve an OPTIONS request on what > basis do i decide > > whether or not to send a response? > > Well, a UAS that believes it can contact the user MAY respond with a > capability set of the user (codecs, etc.). Even if a UAS > does not want to > return a 2xx to OPTIONS, it should return a non-2xx final > response; a 501 > with an Allow header would be appropriate. I admit the spec is less than clear on exactly how to formulate a response to OPTIONS, particularly the SDP. Some text is forthcoming; its a known omission. > > This is really discussed in the RFC. > > > Should all OPTIONS requests be authenticated? > > No. I don't think its as cut and dry as that. Security experts would tell you that all requests should be authenticated before responding; especially in light of the recent thread on potential DoS attacks in UDP based stateful responding to requests. So, the answer is, it depends on the needs of your application. If you don't want to reveal information about codecs or availability to anyone, you should authenticate. -Jonathan R. --- Jonathan D. Rosenberg 72 Eagle Rock Ave. Chief Scientist First Floor dynamicsoft East Hanover, NJ 07936 [EMAIL PROTECTED] FAX: (973) 952-5050 http://www.cs.columbia.edu/~jdrosen PHONE: (973) 952-5000 http://www.dynamicsoft.com _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
