Hi, RFC 2617 defines the "nonce-count" (nc) field in the
request "(Proxy-)Authorization" header as:

   nonce-count
     This MUST be specified if a qop directive is sent (see above), and
     MUST NOT be specified if the server did not send a qop directive in
     the WWW-Authenticate header field. The nc-value is the hexadecimal
     count of the number of requests (including the current request)
     that the client has sent with the nonce value in this request. For
     example, in the first request sent in response to a given nonce
     value, the client sends "nc=00000001". The purpose of this
     directive is to allow the server to detect request replays by
     maintaining its own copy of this count - if the same nc-value is
     seen twice, then the request is a replay. See the description
     below of the construction of the request-digest value.

What is a "request replay"? In SIP we already have the "retransmission"
concept, which is handled by the transaction layer and not by the core. Maybe this
field makes sense just in HTTP, where AFAIK there is no "retransmission"
concept?
If not, what is a "request replay" in SIP?
Thanks a lot.
--
Iñaki Baz Castillo
_______________________________________________
Sip-implementors mailing list
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
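
An added example, not part of the original message: the server-side bookkeeping that the quoted RFC 2617 text describes, keeping a per-nonce record of nc-values and flagging a request whose nc-value was already seen. It assumes the request-digest has already been verified; the class, method names, return labels and sample header are hypothetical.

```python
import re

# key=value pairs of a Digest credential; values may be quoted strings or tokens.
_PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')

# Constructed sample header (all values are made up for this example).
SAMPLE = ('Digest username="alice", realm="example.org", nonce="{nonce}", '
          'uri="sip:example.org", qop=auth, nc={nc}, cnonce="0a4f113b", '
          'response="00000000000000000000000000000000"')

def parse_digest(value):
    """Return the parameters of a Digest (Proxy-)Authorization value as a dict."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(rest)}

class NonceCountTracker:
    """The server's own copy of the count: nc-values already seen per issued nonce."""

    def __init__(self):
        self._seen = {}  # nonce -> set of nc-values (as integers) already accepted

    def issue(self, nonce):
        self._seen[nonce] = set()

    def check(self, value, qop_sent=True):
        params = parse_digest(value)
        nonce, nc = params.get("nonce"), params.get("nc")
        if nonce not in self._seen:
            return "unknown-nonce"
        if not qop_sent:
            # nc MUST NOT be specified if the server did not send a qop directive.
            return "malformed" if nc is not None else "ok"
        # nc MUST be specified if qop was sent; RFC 2617 grammar: 8 lowercase hex digits.
        if nc is None or not re.fullmatch(r"[0-9a-f]{8}", nc):
            return "malformed"
        count = int(nc, 16)
        if count in self._seen[nonce]:
            return "replay"  # same nc-value seen twice for this nonce
        self._seen[nonce].add(count)
        return "ok"

if __name__ == "__main__":
    tracker = NonceCountTracker()
    tracker.issue("abc123")
    for nc in ("00000001", "00000002", "00000001"):
        print(nc, tracker.check(SAMPLE.format(nonce="abc123", nc=nc)))
```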