Hi,

If the server does not know the algorithm of UAC, then it should send the algorithms it understands in 401, like MD5 or MD5-sess with the corresponding attribute values for that algorithm.

Regards,
Ranjit

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rao Chittaranjan-Q16916
Sent: Saturday, February 26, 2005 12:40 PM
To: [email protected]
Cc: Rao Chittaranjan-Q16916
Subject: [Sip-implementors] Authentication algorithm selection problem in RFC 3310

Hi All,

For AKA as per RFC 3310 the algorithm directive is overloaded to indicate Digest AKA. In section 3.1 of RFC 3310 it is mentioned that if the algorithm directive is not understood, the accompanying nonce value SHOULD be ignored and another challenge should be used instead. In section 5.3 of the same RFC it is mentioned that "A client receiving an HTTP Digest challenge with several available algorithms MUST choose the strongest algorithm it understands".

As per RFC 2617, the algorithm directive "algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" | token )" does not seem to be a list of options. If the server does not know the exact algorithm supported by the UE, what should it send in a 401 response? Should it maintain state (which RFC 3261, 26.3.2.4 DoS Protection discourages) and send a sequence of 401 messages starting from the strongest algorithm it supports? For example, should the server send a 401 with algorithm=AKAv1-MD5, and if it gets no response, then send a 401 with algorithm=MD5?

Thanks in advance,
Regards,
Chittaranjan

_______________________________________________
Sip-implementors mailing list
[email protected]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
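
The client-side selection discussed in this thread, as an added example that is not part of the original posts: it assumes the server puts one Digest challenge per algorithm into separate WWW-Authenticate header fields of a single 401, so no per-client state is needed, and the client picks the strongest algorithm it understands while skipping challenges (and their nonces) it does not. The function names, the preference ordering and the sample header values are constructed for illustration.

```python
import re

# Client policy, strongest first. This ordering is an assumption of the example.
CLIENT_PREFERENCE = ["AKAv1-MD5", "MD5-sess", "MD5"]

# One auth-param: name "=" ( quoted-string | token )
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenge(value):
    """Split one WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    params = {name.lower(): quoted or token
              for name, quoted, token in _PARAM.findall(rest)}
    return scheme, params


def select_challenge(header_values, preference=CLIENT_PREFERENCE):
    """Return the params of the strongest understood Digest challenge, or None."""
    rank = {name.lower(): i for i, name in enumerate(preference)}
    best = None
    for value in header_values:
        scheme, params = parse_challenge(value)
        if scheme.lower() != "digest":
            continue
        # RFC 2617: an absent algorithm directive is treated as MD5.
        algorithm = params.get("algorithm", "MD5")
        position = rank.get(algorithm.lower())
        if position is None:
            continue  # algorithm not understood: ignore this challenge and its nonce
        if best is None or position < best[0]:
            best = (position, {**params, "algorithm": algorithm})
    return best[1] if best else None


# Constructed sample: header values of one 401 carrying two challenges.
SAMPLE_401 = [
    'Digest realm="example.invalid", nonce="Y29uc3RydWN0ZWQtYWthLW5vbmNl", '
    'algorithm=AKAv1-MD5, qop="auth"',
    'Digest realm="example.invalid", nonce="Y29uc3RydWN0ZWQtbWQ1LW5vbmNl", '
    'algorithm=MD5, qop="auth"',
]

if __name__ == "__main__":
    for prefs in (CLIENT_PREFERENCE, ["MD5-sess", "MD5"]):
        chosen = select_challenge(SAMPLE_401, prefs)
        print(prefs, "->", chosen["algorithm"], chosen["nonce"])
```

A client that returns None here has no usable challenge and should not answer with any of the offered nonces.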
