On Tue, 2004-08-10 at 11:03, [EMAIL PROTECTED] wrote:
> FYI
> 
> 403 Forbidden
> 
> This response is used to deny a request without giving the caller any recourse. It 
> is sent when the server has understood the request, found the request to be 
> correctly formulated, but will not service the request. This response is not used 
> when authorization is required.

That's a reasonable interpretation.  We chose to return an
authentication failure (40[17]) if the credentials are not good, but
that does leave open the possibility that the UA could try again.

Personally, I don't think 403 is the best possible response to a
REGISTER request unless the credentials were good but the requested
operation was not (we know who you are, but you're not allowed to
register - doesn't make much sense to me), but I wouldn't call it
'broken'.  If they are returning 403 when the credentials are incorrect,
(the username is known and the realm is right but the response hash is
incorrect, indicating a bad password), then that's broken.

-- 
Scott Lawrence
Consulting Engineer
Pingtel Corp.   
sip:[EMAIL PROTECTED]
+1.781.938.5306 x162

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors

Reply via email to