> -----Original Message-----
> From: T.Sunil Kumar [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 17, 2001 9:14 AM
> To: SIP implementors; Jonathan Rosenberg
> Subject: www-authenticate header
>
>
> Hi,
>
> Should it be treated as 401 response header alone or request header
> also?
It used to be both request and response, since we used to support
authentication of responses by "mirroring" the request authentication
mechanism. However, rfc2617 supports a mechanism for response authentication
that is now to be used instead. THerefore, WWW-AUthenticate should just be a
request header.
This will be reflected in the next rev.
-Jonathan R.
---
Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Ave.
Chief Scientist First Floor
dynamicsoft East Hanover, NJ 07936
[EMAIL PROTECTED] FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.dynamicsoft.com
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
