Vimal, Did you get my question? I am talking about an incoming call scenario when say the SIP proxy sends Invite to the SIP client (e.g. my SIP phone). The SIP proxy wants to challenge the SIP client to make sure the call is not delivered to a fake entity. How does your comment fit in this scenario?
Or I am missing some basic understanding? Please help. Shikhar -----Original Message----- From: vimal srivastava [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 1:54 PM To: [EMAIL PROTECTED]; [email protected] Subject: RE: [Sip-implementors] Authenticating an incoming SIP call yes, registration alone does not suffice. in the invite you should include authorization header. if you dont then, you can be challenged by 401 or 407. more over you might end up encoding multiple authorization header for different nodes in between :) cheers From: "Shikhar Sarkar" <[EMAIL PROTECTED]> To: <[email protected]> Subject: RE: [Sip-implementors] Authenticating an incoming SIP call Date: Thu, 13 Oct 2005 13:01:39 -0400 Guys, This discussion is going interesting. One group of people responded saying "Yes possible", and the other said "It's not". The end result is that I am very confused now. I am trying to figure out a way in which I can challenge the SIP endpoint before delivering a call to it. The endpoint has already registered and passed authentication. But, when delivering an incoming call, if I want additionally to make sure that the call is not delivered to a spoofer, is there a way to authenticate the user? I am talking about something similar that happens in the cellular world. Shikhar -----Original Message----- From: Asheesh Joshi [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 1:57 AM To: 'Shikhar Sarkar'; [email protected] Subject: RE: [Sip-implementors] Authenticating an incoming SIP call Yes... Authentication challenge can happen for any request except CANCEL and ACK Authentication mechanism is the Digest Authentication. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shikhar Sarkar Sent: Thursday, October 13, 2005 4:25 AM To: [email protected] Subject: [Sip-implementors] Authenticating an incoming SIP call Guys, Is there a way to authenticate a SIP user for incoming call scenario such as: IAM Invite SS7----------->Softswitch------------->WiFi SIP device The WiFi SIP device of course has already registered with Softswitch. But is that enough to assume that there is no clone/eavesdropper? I am wondering why I always see 401/407 challenges always opposite to the direction of Invite. Is there a way to include Authentication challenge in the Invite itself? Please throw some light. Shikhar _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
