Since the nonce itself is generated by the Authentication protocol, the
nonce size is decided by the protocol being used. RFC 2617 defines nonce:

   nonce
     A server-specified data string which should be uniquely generated
     each time a 401 response is made. It is recommended that this
     string be base64 or hexadecimal data. Specifically, since the
     string is passed in the header lines as a quoted string, the
     double-quote character is not allowed.

     The contents of the nonce are implementation dependent. The quality
     of the implementation depends on a good choice. A nonce might, for
     example, be constructed as the base 64 encoding of

         time-stamp H(time-stamp ":" ETag ":" private-key)

I don't think SIP by itself places any restriction on the nonce length. The
nonce length bounds purely depend on the authentication protocol in
question. E.g.

* IKEv2 requires the size of nonce to be between 16-256 octets
* HTTPS uses a 16 octet nonce

Of course, using an extremely large nonce can even cause IP fragmentation &
is not advisable.

Regards,
Gaurav

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mushtaq Ilyas
Sent: Thursday, April 12, 2007 12:54 PM
To: [EMAIL PROTECTED]
Subject: [Sip-implementors] nonce size (authentication)
Are there any caps on the size of the nonce produced (in a 401/407 response)
by a server i.e. minimal string length or maximum string length?
Regards
Mushtaq Ilyas
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
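
The nonce construction from the RFC 2617 text quoted in the reply, as an added example that is not part of the original thread: the server issues a nonce, then classifies a returned one as ok, stale or invalid without keeping per-nonce state. HMAC-SHA256 is swapped in for the RFC's H(), and `SERVER_KEY`, `MAX_AGE`, `MAX_NONCE_LEN` and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: per-server secret held in memory
MAX_AGE = 300                # assumption: nonce lifetime in seconds
MAX_NONCE_LEN = 256          # assumption: local cap, checked before decoding


def _tag(ts: str, etag: str, key: bytes) -> str:
    # RFC 2617 suggests H(time-stamp ":" ETag ":" private-key); a keyed
    # HMAC over time-stamp ":" ETag is used here instead of a bare hash.
    return hmac.new(key, f"{ts}:{etag}".encode(), hashlib.sha256).hexdigest()


def make_nonce(etag: str, key: bytes = SERVER_KEY, now=None) -> str:
    """Build base64(time-stamp SP tag) for a 401/407 challenge."""
    ts = str(int(time.time() if now is None else now))
    raw = f"{ts} {_tag(ts, etag, key)}"
    # The base64 alphabet has no double-quote, so the result is safe
    # inside the quoted-string of the challenge header.
    return base64.b64encode(raw.encode()).decode()


def check_nonce(nonce: str, etag: str, key: bytes = SERVER_KEY,
                now=None, max_age: int = MAX_AGE) -> str:
    """Return 'ok', 'stale' (re-challenge) or 'invalid' (reject)."""
    now = time.time() if now is None else now
    if len(nonce) > MAX_NONCE_LEN:
        return "invalid"
    try:
        raw = base64.b64decode(nonce, validate=True).decode("ascii")
        ts, tag = raw.split(" ", 1)
        issued = int(ts)
    except ValueError:  # covers bad base64, non-ASCII, missing separator
        return "invalid"
    # Constant-time comparison; the tag binds the time-stamp and ETag.
    if not hmac.compare_digest(tag, _tag(ts, etag, key)):
        return "invalid"
    if not 0 <= now - issued <= max_age:
        return "stale"
    return "ok"
```

With a 10-digit time-stamp this layout always yields a 100-character nonce, far below any size that would push a response towards IP fragmentation.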