Mushtaq Ilyas wrote:
> Hello
>
> RFC 2617/3261 states that if a UAS/Proxy Server were to receive a request
> lacking the Authorization header they can challenge the sender using a 401 or
> 407 response.
>
> What if it all started with request that contained an Authorization header,
> how could the UAC have generated the header? I mean, how could it get the
> nonce value and hence generate the response field?
>
> Is that possible?
If you have previously sent a request to the same destination (or proxy)
and been challenged, you may (should) retain the nonce and then use it
to preemptively add authentication information to future requests. This
will reduce your overall message count by more than half when dealing
with a destination that authenticates every request.
Paul
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
