Subash I don't think it is possible to use IP address to determine the previous hop of a CANCEL is same as the INVITE's. In a multi-homed host, there is no guarantee or requirement that all messages be sent through the same interface. This is the reason I think the previous hop indicates the VIA.
Venkat -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 1:07 AM To: Arunachalam Venkatraman Cc: [EMAIL PROTECTED] Subject: RE: [Sip-implementors] Credentials in CANCEL - qop nc-value >> Subash >> RFC3261 says that generally, the CANCEL will be accepted >> by a server as long as it comes from the same previous hop >> as the original request. It does not state that CANCEL >> SHOULD or MUST be sent without credentials. You are right about that...but i remember that this was an open issue during the early bis revisions (around 05-06) and the resolution was that elements must not challenge CANCEL requests. Ofcourse, this does not forbid you from inserting credentials in CANCEL but i was trying to get at the fact that it would not be used by any element anyway. >> By previous hop, I assume the reference is to the VIA >> header, right? Since this can be easily spoofed, it >> is not very secure. Previous hop refers to the source IP of the request IMO. If the source IP of the CANCEL is same as the source IP of the INVITE, that would validate the CANCEL. >> Anyway, my question was that if the CANCEL originated at >> a UAC (not a proxy), it can be sent with credentials. In >> this case, the credentials can be validated. In a >> proxyless network(!), this technique can be used, instead >> of the previous hop validation using the VIA header. >> In such a case, should the nc-value be incremented? I >> think the answer is yes. I'm not sure about this. For ACK to INVITE requests, the RFC says that one should copy the Auth headers from the INVITE (i.e. don't increment nc-value or recompute the response-digest). Regards, Subhash. _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
