Re: [Sip-implementors] Digest response with no "qop" even if 401 included it [SOLVED]

Iñaki Baz Castillo Sat, 19 Jul 2008 07:53:53 -0700

El Sábado, 19 de Julio de 2008, Iñaki Baz Castillo escribió:
> Hi, what should do a server if it receives an "Authorization" header with
> no "qop" field when the "WWW-Authenticate" header in the 401 did include
> it?


Well, RFC 3261 says:

   22.4 The Digest Authentication Scheme
      8 - ...
          However,
          servers MUST always send a "qop" parameter in WWW-Authenticate
          and Proxy-Authenticate header field values.  If a client
          receives a "qop" parameter in a challenge header field, it
          MUST send the "qop" parameter in any resulting authorization
          header field.

It seems to reply my answer :)



-- 
Iñaki Baz Castillo

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors

Re: [Sip-implementors] Digest response with no "qop" even if 401 included it [SOLVED]

Reply via email to