The question is a little too narrow. The same issues apply to any
in-dialog request.
Steve makes a good point. But practically speaking authentication is
rarely done on in-dialog requests. Bypassing it assumes that the dialog
id is only known to the parties on the signaling path, even though this
might not be true.
In most cases, in the original scenario here Phone A would not share a
secret with Phone B that could be used for authentication. So if Phone A
issues a challenge there is a strong likelihood that it will fail.
This wouldn't necessarily cause the call to fail, but wouldn't help.
BUT, if Phone A *does* issue a challenge like this, then of course Phone
B should properly respond to it if it has the proper credentials to do so.
Paul
Steve Langstaff wrote:
> How do you know it *really* is phone B that is asking for the HOLD?
>
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On
>> Behalf Of SCG2
>>
>> Is there any circumstance at all where it makes sense to
>> challenge an INVITE which is putting a call on hold?
>>
>> I can find nothing in 3264 that suggests it, but wondered if:
>>
>> Phone A -> Phone B (in doing so phone A may have been authenticated)
>>
>> Phone B later goes to put phone A on hold
>
> _______________________________________________
> Sip-implementors mailing list
> [email protected]
> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
>
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
