On Wed, 2006-06-07 at 09:07 -0400, Charles Abondo wrote: > Thanks Dale for your answer but there is a still a problem. > Proxies use Proxy-Authorization and must remove them before forwarding > Register message and there is no forking for Register message, so I still do > not understand in which case you can have multiple Authorisation fields.
RFC 3261 does not seem to require that Proxy-Authorization headers are removed by the proxies that are appeased by them. I've argued in the past that a proxy should not remove them, though my case is not strong, and others have argued that RFC 3261 permits removing them. But there is no consensus even at this late date, so one should not depend on Proxy-Authorizations being removed. As for forking REGISTER requests, one can construct scenarios in which that is possible. For instance, suppose all out-of-dialog requests for a domain are forked to two proxy/registrar systems, each of which handles 1/2 of the user-name space, accepting REGISTERs for 1/2 of the user names and rejecting them for the other 1/2. If both demand authentication (to different realm names), then an initial attempt to register will fail. The forking proxy is required to consolidate both 407 responses into one 407 response with two demands for credentials. (See section 22.3.) The UA retries the request with both sets of credentials... Any SIP agent should be prepared to see more than one authorization header, and to see if any are acceptable to it... Dale --- interop.pingtel.com -- the public SIP phone interoperability test server _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
