Dale R. Worley wrote:
The whole concept of "consuming" authorization headers (or any other
header) is a Bad Idea and should never be done.
I am curious ... why? Is it only because as you write:
There is also the failure mode where two different proxies in a chain
authenticate against the same realm. If the first proxy "consumes"
all Proxy-Authorization headers for that realm, the second proxy will
*never* pass the request because the UA can never get a Proxy-
Authorization for that realm to it.
Even if that was the case, the nonce generated at one proxy
may not hold meaning for the next proxy in the same realm.
Is it common for a request to be passed through multiple
proxies in the same realm?
So far, at the bakeoffs and such, I have seen proxies consuming
their authorization headers, and things appear to work as intended.
The SIP Services Call Flow (rfc3665) also shows proxies
consuming the header (I know rfc3665 is not normative...).
Thanks,
- vijay
--
Vijay K. Gurbani [EMAIL PROTECTED],research.bell-labs.com,acm.org}
Lucent Technologies/Bell Laboratories, 2000 Lucent Lane, Rm 6G-440
Naperville, Illinois 60566 Voice: +1 630 224 0216
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
