I think A has to include both the Authorization Headers. Depending upon the "realm" B2BUA / B will select the relevant Authorization Headers.
Somesh S Shanbhag Mascon Global Limited -----Original Message----- From: [EMAIL PROTECTED] on behalf of Vivek Batra Sent: Tue 8/19/2008 5:42 PM To: [email protected] Subject: [Sip-implementors] Digest Authentication in multihoming application Hi, I have query regarding challenge response mechanism (digest authentication, MD5) in SIP as follows: A and B are SIP clients registered with B2BUA. A calls B and sends INVITE to B2BUA. B2BUA challenges INVITE with response 407 Auth. A again sends the INVITE with authentication header (say H1) and required credentials to B2BUA. B2BUA sends this INVITE to B. B has a capability to challenge the INVITE (like Linksys 3102 etc). So, B sends the response 407 Auth. to B2BUA. B2BUA passes this response viz 407 to A. A again generates the INVITE with authentication header (say H2) and sends it to B2BUA. Now my question is 'What should be the implementation in A regarding Authentication Header. Should A includes only authentication header H2 in INVITE or both H1 and H2?' In both the cases whether A includes H1 or H1 and H2 as Authentication Header in INVITE, what should be the implementation in B2BUA when received this INVITE from A since B2BUA has already been authenticate the caller viz A?? Is any RFC describing this scenario? Thanks and Kind Regards, Vivek _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors EMAIL DISCLAIMER : This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised distribution or copying is strictly prohibited. If you receive this transmission in error, please notify the sender by reply email and then destroy the message. Opinions, conclusions and other information in this message that do not relate to official business of Mascon shall be understood to be neither given nor endorsed by Mascon. Any information contained in this email, when addressed to Mascon clients is subject to the terms and conditions in governing client contract. Whilst Mascon takes steps to prevent the transmission of viruses via e-mail, we can not guarantee that any email or attachment is free from computer viruses and you are strongly advised to undertake your own anti-virus precautions. Mascon grants no warranties regarding performance, use or quality of any e-mail or attachment and undertakes no liability for loss or damage, howsoever caused. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
