So that means that I (Proxy Server) will never get a request (containing authorization header) from a client that I have not challenged before?

Regards
Mushtaq Ilyas

----- Original Message ----
From: Paul Kyzivat <[EMAIL PROTECTED]>
To: Mushtaq Ilyas <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Tuesday, 10 April, 2007 5:34:24 PM
Subject: Re: [Sip-implementors] Authentication and Authorization

Mushtaq Ilyas wrote:
> Hello
>
> RFC 2617/3261 states that if a UAS/Proxy Server were to receive a request
> lacking the Authorization header they can challenge the sender using a 401 or
> 407 response.
>
> What if it all started with request that contained an Authorization header,
> how could the UAC have generated the header? I mean, how could it get the
> nonce value and hence generate the response field?
>
> Is that possible?

If you have previously sent a request to the same destination (or proxy) and been challenged, you may (should) retain the nonce and then use it to preemptively add authentication information to future requests. This will reduce your overall message count by more than half when dealing with a destination that authenticates every request.

Paul

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
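
Added example, not part of the original thread or any SIP stack: a proxy-side check for a request that arrives with a preemptive Proxy-Authorization header, accepting it only if the nonce is one the proxy issued, is still fresh, and carries an unused nonce count. The secret, realm, credentials, TTL and all function names are assumptions; the digest follows RFC 2617 with qop=auth, and header parsing is assumed already done.

```python
import hashlib, hmac

SECRET = b"constructed-proxy-key"   # constructed sample key
REALM = "example.com"               # constructed realm
USERS = {"alice": "wonderland"}     # constructed credentials
NONCE_TTL = 300                     # seconds a nonce stays acceptable (assumed policy)

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def make_nonce(now):  # issue time + MAC, so the proxy recognises its own nonces
    ts = str(int(now))
    return ts + ":" + hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def nonce_state(nonce, now):
    ts, _, mac = nonce.partition(":")
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return "unknown"            # never issued by this proxy
    return "ok" if now - int(ts) <= NONCE_TTL else "stale"

def digest_response(user, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha1 = md5(f"{user}:{REALM}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def proxy_check(method, uri, auth, now, seen_nc):
    """auth: parsed Proxy-Authorization fields as a dict, or None if absent."""
    if auth is None:
        return 407, "challenge"
    state = nonce_state(auth["nonce"], now)
    if state != "ok":
        return 407, "stale=true" if state == "stale" else "challenge"
    password = USERS.get(auth["username"])
    expected = digest_response(auth["username"], password or "", method, uri,
                               auth["nonce"], auth["nc"], auth["cnonce"])
    if password is None or not hmac.compare_digest(expected.encode(), auth["response"].encode()):
        return 407, "challenge"
    nc = int(auth["nc"], 16)
    if nc <= seen_nc.get(auth["nonce"], 0):
        return 407, "challenge"     # nonce count reused: treat as a replay
    seen_nc[auth["nonce"]] = nc
    return 200, "authenticated"

def uac_auth(nonce, nc, method, uri, user="alice", password="wonderland"):  # UAC reusing a cached nonce
    nc_hex, cnonce = f"{nc:08x}", "0a4f113b"   # cnonce is a constructed value
    return {"username": user, "nonce": nonce, "nc": nc_hex, "cnonce": cnonce,
            "response": digest_response(user, password, method, uri, nonce, nc_hex, cnonce)}
```
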
