ftp://ftp.rfc-editor.org/in-notes/authors/rfc3665.txt
Thanks, Alan Johnston MCI
At 02:23 PM 1/15/2004 -0500, Scott Lawrence wrote:
"Paul Tidwell" <[EMAIL PROTECTED]> writes:
> One message can have multiple credentials. One for each proxy along the
> way, potentially. The UA_1 should include both Proxy credentials and the
> UA_2 in a single message. There is also the concept of a realm that is
> important. If all the nodes along the way are in the same realm, then only
> one set of credentials is necessary. This is not unique to RFC3265, but is
> covered by RFC3261 and RFC2617.
All correct, but there is one difference between proxy authentication in SIP and HTTP (2617) worth noting. In HTTP, proxy authentication is hop-by-hop, so given
A ----- P1 ----- P2 ----- B
if P1 and P2 are HTTP proxies that require authentication, then when A sends a request to B it gets challenged by P1, but when the resent request is challenged by P2, that challenge must be handled by P1 - it is P1 that is authenticating to P2, not A:
A ------- P1 ------ P2 ------ B
|--req1-->|         |         |
|<--407---|         |         |
|--req2-->|         |         |
|         |--req2-->|         |
|         |<--407---|         |
|         |--req3-->|         |
|         |         |--req3-->|
Both resent requests (req2 and req3) have only one Proxy-Authorization header (proxies strip that header before forwarding the message).
In SIP, authentication is always of the originator, so getting through 2 proxies that challenge looks different:
A ------- P1 ------ P2 ------ B
|--req1-->|         |         |
|<--407---|         |         |
|--req2-->|         |         |
|         |--req2-->|         |
|         |<--407---|         |
|<--407---|         |         |
|--req3-->|         |         |
|         |--req3-->|         |
|         |         |--req3-->|
The third time A sends the request (req3), it has 2 Proxy-Authorization headers, one for P1 and one for P2.
-- Scott Lawrence Pingtel Corp.
_______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
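The SIP flow described in the message above, as an added example that is not part of the original thread: the originator A collects one Proxy-Authorization header per challenging realm, and each proxy verifies only its own and leaves the rest in place. The request is modelled as a dict, the digest is RFC 2617 Digest without qop, and all names, realms, nonces and passwords are assumptions made for the illustration.

```python
import hashlib, hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, nonce, method, uri):
    # RFC 2617 Digest without qop: MD5(HA1 ":" nonce ":" HA2)
    ha1, ha2 = md5_hex(f"{user}:{realm}:{password}"), md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Proxy:
    """Challenging SIP proxy: verifies only the credentials for its own realm."""
    def __init__(self, realm, nonce, users):
        self.realm, self.nonce, self.users = realm, nonce, users

    def check(self, req):
        for cred in req["proxy_authorization"]:
            password = self.users.get(cred["username"])
            if cred["realm"] != self.realm or password is None:
                continue  # another proxy's header (left in place) or unknown user
            good = digest_response(cred["username"], self.realm, password,
                                   self.nonce, req["method"], req["uri"])
            if hmac.compare_digest(cred["response"], good):
                return None  # originator authenticated, forward the request
        return {"status": 407, "realm": self.realm, "nonce": self.nonce}

def originate(method, uri, chain, keyring):
    """UA A: after each 407, resend with one more Proxy-Authorization header."""
    req = {"method": method, "uri": uri, "proxy_authorization": []}
    trace = []  # (final status, Proxy-Authorization headers sent) per attempt
    while True:
        # Walk A -> P1 -> P2 -> B: the first failing proxy answers 407, else B's 200.
        reply = next((c for c in (p.check(req) for p in chain) if c), {"status": 200})
        trace.append((reply["status"], len(req["proxy_authorization"])))
        answered = {c["realm"] for c in req["proxy_authorization"]}
        realm = reply.get("realm")
        if reply["status"] != 407 or realm in answered or realm not in keyring:
            return trace  # reached B, credentials rejected, or none held
        user, password = keyring[realm]
        req["proxy_authorization"].append({
            "username": user, "realm": realm, "response": digest_response(
                user, realm, password, reply["nonce"], method, uri)})

# Constructed sample values: realms, nonces, user and passwords are made up.
P1 = Proxy("p1.example.com", "nonce-p1", {"alice": "pw-one"})
P2 = Proxy("p2.example.com", "nonce-p2", {"alice": "pw-two"})
KEYRING = {"p1.example.com": ("alice", "pw-one"), "p2.example.com": ("alice", "pw-two")}
TRACE = originate("INVITE", "sip:bob@b.example.com", [P1, P2], KEYRING)
```

TRACE records one (status, header count) pair per attempt, matching req1, req2 and req3 in the second diagram; a realm that challenges again after being answered ends the loop instead of retrying forever.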
