Dear all,
the RFC3325 states in Chapter 11.2 Authentication requirements that "Users must be
authenticated using SIP Digest Authentication". This contradicts the statement in the
SIP discussion
list that the P-Asserted-Identity should be available in response messages, too.
However I see no
way to authenticate response messages with SIP mechanisms. Additionally the RFC shows
the usage
of these headers only for Requests.
If there is a common understanding that the P-Asserted-Identity header is required for
responses,
will there be an update of the RFC?
* What happens in a case where a proxy receives a response from a node he does
not trust? He cannot
authenticate the originator of the response. This means that he can only set up the
P-Asserted-Identity
for responsens of users which are stored within the database which is accessible by
the proxy.
* Does this mean that response messages from users not available in the database
would be skipped by the
proxy.
* Which responses should contain this P-Asserted-Identity Header? Only final
responses or even provisional ones?
Best regards,
Wolfgang Deuringer
____________________________________________________
Wolfgang Deuringer
ICN CP D NA D12
Mch H/Sc8
Tel. +49 89 722 28236
Fax + 49 89 722 48697
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
