Scott,

From perspective of credentials it does not make sense to send preemptive Authorization header in initial REGISTER. However, according to 3GPP, private id needs to be included in initial REGISTER. The header that has been chosen for it is Authorization header and the parameter that has been chosen for that is username.

In this case the client does not have the credentials, so the Authorization header will look like:

    Authorization: Digest username=<username>

It is clear about the syntax of subsequent REGISTER's Authorization header. The questions are more general and include preemptive Authorization header in case when the client does not have credentials.

My questions from below still stand open:

1) For SIP Authorization header should we use RFC 3261's BNF for Authorization header or the one included in RFC 2617?

2) Which parameters are mandatory in Authorization header for SIP authentication using digest.

Our understanding is:
- follow RFC 3261's BNF for Authorization header since it is redefined here.
- there are no specific mandatory parameters. The only rule is to specify at least one parameter (this will, of course, cause 401 from the server - we only want to know the correct syntax to be used).

BR,
Agnes

-----Original Message-----
From: Scott Lawrence [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 9:26 PM
To: Agnieszka Szczurowska R (TX/EUS)
Cc: '[EMAIL PROTECTED]'; Paul Edler (TX/EUS)
Subject: Re: [Sip-implementors] SIP authentication 3261 vs. 2617

On Wed, 2004-09-22 at 11:05, Agnieszka Szczurowska R (TX/EUS) wrote:
> My question is about BNF for digest authentication. RFC 3261 closely follows RFC
> 2617, however RFC 3261 still provides BNF for Authorization header.
>
> 1) For SIP Authorization header should we use RFC 3261's BNF for Authorization
> header or the one included in RFC 2617?
>
> 2) Which parameters are mandatory in Authorization header for SIP authentication
> using digest.
>
> Our understanding is:
> - follow RFC 3261's BNF for Authorization header since it is redefined here.
> - there are no specific mandatory parameters. The only rule is to specify at least
> one parameter (this will, of course, cause 401 from the server - we only want to
> know the correct syntax to be used).

If you have not yet received a challenge from the server, just don't include an Authorization header at all. When you're challenged, you'll know which syntax to use.

--
Scott Lawrence
Consulting Engineer
Pingtel Corp.
sip:[EMAIL PROTECTED]
+1.781.938.5306 x162

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
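
The distinction discussed in this thread, seen from the registrar side, as an added example that is not part of the original messages: a header that parses as a list of parameters but lacks the digest inputs is answered with a challenge rather than verified. The function names, the returned labels and the sample header values are assumptions constructed for illustration.

```python
import re

# Inputs a server needs to recompute a Digest response when no qop is used
# (RFC 2617); with qop, nc and cnonce are needed as well.
NEEDED = ("username", "realm", "nonce", "uri", "response")

TOKEN = r"[A-Za-z0-9.!%*_+`'~-]+"
# One parameter: name "=" ( quoted-string / token )
_PARAM = re.compile(r'\s*(' + TOKEN + r')\s*=\s*("(?:[^"\\]|\\.)*"|' + TOKEN + r')\s*')

def parse_authorization(value):
    """Split an Authorization header value into (scheme, params)."""
    parts = value.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("need a scheme and at least one parameter")
    scheme, rest = parts
    params, pos = {}, 0
    while True:
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError("bad parameter at offset %d" % pos)
        name, val = m.group(1).lower(), m.group(2)
        if val.startswith('"'):
            val = re.sub(r'\\(.)', r'\1', val[1:-1])  # undo quoted-pair escapes
        if name in params:
            # Ambiguous input: refuse rather than pick one of the values.
            raise ValueError("duplicate parameter " + name)
        params[name] = val
        pos = m.end()
        if pos == len(rest):
            return scheme, params
        if rest[pos] != ",":
            raise ValueError("expected ',' at offset %d" % pos)
        pos += 1

def classify(value):
    """Return an illustrative label for what a registrar does next."""
    try:
        scheme, params = parse_authorization(value)
    except ValueError:
        return "reject-400"        # malformed header
    if scheme.lower() != "digest":
        return "challenge-401"
    missing = [p for p in NEEDED if p not in params]
    # Never attempt verification on a partial parameter set.
    return "challenge-401" if missing else "verify"

# Constructed sample values, not taken from the thread.
USERNAME_ONLY = 'Digest username="user1_private@home1.example"'
FULL = ('Digest username="alice", realm="example.test", nonce="abc123", '
        'uri="sip:example.test", response="6629fae49393a05397450978507c4ef1"')
```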
