Jerry,
 
One message can have multiple credentials.  One for each proxy along the way, potentially. The UA_1 should include both Proxy credentials and the UA_2 in a single message.  There is also the concept of a realm that is important.  If all the nodes along the way are in the same realm, then only one set of credentials is necessary. This is not unique to RFC3265, but is covered by RFC3261 and RFC2617.
 
If UA_1 does not respond to a NOTIFY then UA_2 is allowed to remove the subscription.  But why does UA_1 not respond?  Receiving an INVITE would not impact this because each transaction is independent.  UA_1 may be slow in responding if it is busy, but 32 seconds is a very long time.  If in the very rare case where a NOTIFY is lost due to network problems causes UA_2 to remove the subscription, UA_1 will eventually refresh the SUBSCRIBE and discover the problem.  If in your network, the case is not so rare, it is reasonable for UA_2 not to remove the subscription (its is a SHOULD in the RFC) but instead perhaps throttle the NOTIFY or wait until 2 or 3 NOTIFYs in a row do not get responses.
 
Regards,
Paul 
----- Original Message -----
Sent: Thursday, January 15, 2004 6:40 AM
Subject: [Sip-implementors] A few serious issues with RFC 3265!

Hi Guys!
 
Let's consider the following scenario.
 
UA_1: User Agent #1, the subscriber.
UA_2: User Agent #2, the notifier.
PS  : Proxy Server
LS  : Location Service.
 
| | |UA_1|               | PS |               |UA_2|
|1| |    |---SUBSCRIBE-->|    |               |    |
|2| |    |<---401/407----|    |               |    |
|3| |    |---SUBSCRIBE-->|    |---SUBSCRIBE-->|    |
|4| |    |<-----401------|    |<-----401------|    |
|5| |    |---SUBSCRIBE-->|    |---SUBSCRIBE-->|    |
|6| |    |<-----202------|    |<-----202------|    |
|7| |    |<----NOTIFY----|    |<----NOTIFY----|    |
|8| |    |------200----->|    |------200----->|    |
 
1. UA_1 sends a SUBSCRIBE with Request URI, that of UA_2.
2. PS responds with a 401/407 saying "Authenticate with ME first!".
3. UA_1 sends SUBSCRIBE with credentials for PS's earlier challenge.
   PS now looks up in the LS and proxies the SUBSCRIBE to UA_2.
4. UA_2 responds with a 401 Unauthorised.
 
How must one send credentials in the next SUBSCRIBE?
i.e if we send credentials for PS, UA_2 will again reject the SUBSCRIBE.
If we send credentials for UA_2, shouldn't PS reject it as it is a "new"
request? What must one do?
 
Another issue is whether a NOTIFY is re-transmitted at all.
If UA_1 is busy doing something and cannot immediately respond to the NOTIFY
or if it misses the NOTIFY, then what? Will UA_2 remove UA_1's subscription?
Also, problems occur when another dialog creating request is received. Let's
consider two cases.
1. Say we receive a NOTIFY. In the next instant, we receive an INVITE. Now
   what?
2. Converse of 1
 
Regards,
 
Jerry Ipe Thomas
Trainee Engineer (R&D)
D-Link India Software and R&D Center
Bangalore
Land Line: +91-80-6788350/51
Extn #: 117


_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors

Reply via email to