Lorenzo Buoofelli wrote: > In "draft-ietf-sip-rfc2543bis-05" pag 82 I read: > "Any time a proxy server or user agent receives a request, they MAY > challenge > the initiator of the response to provide assurance of their identity" > > Certainly it is valid for Register, Invite, Bye, Cancel and Option. > Is it valid for ACk too? > > Can a proxy require an authentication on a ACK request? >
No, it can't. Neither for CANCEL. We will fix in bis-06. [EMAIL PROTECTED] wrote: > The UA or proxy may demand the client to include the > (Proxy-)Authorization header field in the ACK, if the client has been > challenged earlier in the dialog, e.g. for the INVITE request. For ACK for 2xx, a UAC is supposed to provide the same credentials in it as the INVITE. For ACK for non-2xx, you need transport level mechanisms to verify that the surce of the ACK is the same as the original request, same with CANCEL. > For > Digest authentication the client has all information (nonce, nc, qop > etc.) it need to calculate a correct response value. The problem is that > if no (Proxy-)Authorization header field is included, what should the UA > or proxy do if it can't send a response? Discard. Thanks, Jonathan R. > ----- Original Message ----- > From: Bob Penfield <[EMAIL PROTECTED]> > Date: Monday, January 7, 2002 2:34 pm > Subject: Re: [Sip-implementors] Authentication on ACK > > >>There is never a response to an ACK. Therefore a proxy or user >>agent cannot >>challenge an ACK. If a challenge was appropriate, it would have >>occurred for >>the INVITE. >> >>(-:bob >> >>Robert F. Penfield >>Chief Software Architect >>Acme Packet, Inc. >>130 New Boston Street >>Woburn, MA 01801 >>[EMAIL PROTECTED] >> >>----- Original Message ----- >>From: <[EMAIL PROTECTED]> >>To: <[EMAIL PROTECTED]> >>Sent: Monday, January 07, 2002 1:04 PM >>Subject: [Sip-implementors] Authentication on ACK >> >> >> >>>In "draft-ietf-sip-rfc2543bis-05" pag 82 I read: >>>"Any time a proxy server or user agent receives a request, they MAY >>> >>challenge >> >>>the initiator of the response to provide assurance of their >>> >>identity"> >> >>>Certainly it is valid for Register, Invite, Bye, Cancel and Option. >>>Is it valid for ACk too? >>> >>>Can a proxy require an authentication on a ACK request? >>> >>>Thanks >>>Lorenzo >>> >>> >>>___________________________________________ >>> >>>Lorenzo Boffelli >>>STRE Engineer >>> >>>Allied Telesis K.K. >>>Head Office / 4F TOC Bldg, 7-22-17 Nishi-Gotanda, >>>Shinagawa-ku, Tokyo Japan, 141-8635 >>>European R&D Center >>>Piazza Tirana, 24/4 b Phone: +39 02 41411201 >>>20147 Milano Fax: +39 02 41411260 >>>ITALY >>>Email: [EMAIL PROTECTED] >>>___________________________________________ >>>_______________________________________________ >>>Sip-implementors mailing list >>>[EMAIL PROTECTED] >>>http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors >>> >>> >>_______________________________________________ >>Sip-implementors mailing list >>[EMAIL PROTECTED] >>http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors >> >> > > _______________________________________________ > Sip-implementors mailing list > [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors > > -- Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Avenue Chief Scientist First Floor dynamicsoft East Hanover, NJ 07936 [EMAIL PROTECTED] FAX: (973) 952-5050 http://www.jdrosen.net PH: (973) 952-5000 http://www.dynamicsoft.com _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
