On Tue, 2004-08-10 at 11:03, [EMAIL PROTECTED] wrote: > FYI > > 403 Forbidden > > This response is used to deny a request without giving the caller any recourse. It > is sent when the server has understood the request, found the request to be > correctly formulated, but will not service the request. This response is not used > when authorization is required.
That's a reasonable interpretation. We chose to return an authentication failure (40[17]) if the credentials are not good, but that does leave open the possibility that the UA could try again. Personally, I don't think 403 is the best possible response to a REGISTER request unless the credentials were good but the requested operation was not (we know who you are, but you're not allowed to register - doesn't make much sense to me), but I wouldn't call it 'broken'. If they are returning 403 when the credentials are incorrect, (the username is known and the realm is right but the response hash is incorrect, indicating a bad password), then that's broken. -- Scott Lawrence Consulting Engineer Pingtel Corp. sip:[EMAIL PROTECTED] +1.781.938.5306 x162 _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
