On Fri, 2006-07-14 at 11:56 -0700, Mike Dorin wrote: > I am a bit confused about digest authentication. > I am reading the sip Internet Draft by Paul Smith and > Ian Clarkson regarding this subject.
See RFC 2617. > According to RFC 3261, the digest-uri-value = > Request-Uri. > > Looking at the example by Paul Smith, which is based > on a challenge to an INVITE message...it does not > seem like they use the Request-URI in that case. > Looks like they used the From-Uri. This seems to > make sense. > > However looking at a Register message from an example > from a different source, the request URI is used. > > Am I confused about what the request-URI is? > > Is there a selection process for which URI to use? The authentication response hash is always generated by the original requesting UAC. It should put the Request-URI into the hash calculation and record it in the uri parameter of the Authorization header. Note that forking and other forms of retargeting in proxies may change the Request-URI as seen by other proxies and the eventual UAS(s); that is why the uri parameter is there - it allows them to duplicate the hash original hash calculation to validate the credential. -- Scott Lawrence tel:+1-781-938-5306;ext=162 or sip:[EMAIL PROTECTED] sipXpbx project coordinator - SIPfoundry http://www.sipfoundry.org/sipX Chief Architect - Pingtel Corp. http://www.pingtel.com/ _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
