Sorry in my earlier mail, what I meant was , there should be any problem if we make the authentication mechanism type case-INsensitive...
Thanks, Nataraju A.B. -----Original Message----- From: Nataraju Basavaraju Sent: Saturday, July 16, 2005 9:37 AM To: 'Scott Lawrence'; Daniel Cuevas Cc: [email protected] Subject: RE: [Sip-implementors] WWW-Authenticate method is case sensitive? Comments inline... Thanks, Nataraju A.B. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Lawrence Sent: Friday, June 17, 2005 8:38 AM To: Daniel Cuevas Cc: [email protected] Subject: Re: [Sip-implementors] WWW-Authenticate method is case sensitive? On Thu, 2005-06-16 at 11:54 +0200, Daniel Cuevas wrote: > Hi, > I would like to clarify if the syntax of the challenge method (Digest) in > the WWW-Authenticate header of a 401 response should be case sensitive or > not. > > In other words, the following messages sent by a SIP Proxy to a UA > > SIP/2.0 401 Unauthorized > WWW-Authenticate: Digest realm="domain.es" > > And > > SIP/2.0 401 Unauthorized > WWW-Authenticate: digest realm="domain.es" > > > Should be equally valid, or the word Digest should be case sensitive. In > this case, what would be the right format? >From RFC 2617: 1.2 Access Authentication Framework HTTP provides a simple challenge-response authentication mechanism that MAY be used by a server to challenge a client request and by a client to provide authentication information. It uses an extensible, case-insensitive token to identify the authentication scheme, The 'digest' token may be any case. 'dIgEsT' should work. [ABN] if you think in lay man's sense also, its worth making the authentication values case-sensitive than authentication type as case-sensitive. Hence I feel making authentication mechanism type (Digest, or any other) is not of any problem, and authentication parameters better to be case-sensitive for higher probability of uniqueness. [ABN] This generic rule could be applied for other headers also... -- Scott Lawrence, Consulting Engineer Pingtel Corp. http://www.pingtel.com/ +1.781.938.5306 x162 or sip:[EMAIL PROTECTED] _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors The information contained in this message may be confidential to Kodiak Networks, Inc. and its subsidiaries and protected from disclosure. If this message did not reach the intended recipient, or an employee or agent responsible for delivering it to the intended recipient, you are hereby informed that any distribution or copying of this communication is prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of the message and then delete the message. Thank you. _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
