"Paul Tidwell" <[EMAIL PROTECTED]> writes:

> One message can have multiple credentials.  One for each proxy along the
> way, potentially. The UA_1 should include both Proxy credentials and the
> UA_2 in a single message.  There is also the concept of a realm that is
> important.  If all the nodes along the way are in the same realm, then only
> one set of credentials is necessary. This is not unique to RFC3265, but is
> covered by RFC3261 and RFC2617.

All correct, but there is one difference between proxy authentication
in SIP and HTTP (2617) worth noting.  In HTTP, proxy authentication is
hop-by-hop, so given

   A ----- P1 ----- P2 ----- B

if P1 and P2 are HTTP proxies that require authentication, then when
A sends a request to B it gets challenged by P1, but when the resent
request is challenged by P2, that challenge must be handled by P1 - it
is P1 that is authenticating to P2, not A:

   A ------- P1 ------ P2 ------ B
   |--req1-->|         |         |
   |<--407---|         |         |
   |--req2-->|         |         |
   |         |--req2-->|         |
   |         |<--407---|         |
   |         |--req3-->|         |
   |         |         |--req3-->|

Both resent requests (req2 and req3) have only one Proxy-Authorization
header (proxies strip that header before forwarding the message). 

In SIP, authentication is always of the originator, so getting through
2 proxies that challenge looks different:

   A ------- P1 ------ P2 ------ B
   |--req1-->|         |         |
   |<--407---|         |         |
   |--req2-->|         |         |
   |         |--req2-->|         |
   |         |<--407---|         |
   |<--407---|         |         |
   |--req3-->|         |         |
   |         |--req3-->|         |
   |         |         |--req3-->|

the third time A sends the request (req3), it has 2
Proxy-Authorization headers, one for P1 and one for P2.

--
Scott Lawrence
  Pingtel Corp.

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors

Reply via email to