From: "Vivek Batra" <[EMAIL PROTECTED]>

I have a query regarding the challenge-response mechanism (digest authentication, MD5) in SIP, as follows:

A and B are SIP clients registered with B2BUA. A calls B and sends INVITE to B2BUA. B2BUA challenges INVITE with response 407 Auth. A again sends the INVITE with authentication header (say H1) and required credentials to B2BUA. B2BUA sends this INVITE to B. B has the capability to challenge the INVITE (like Linksys 3102 etc). So, B sends the response 407 Auth. to B2BUA. B2BUA passes this response, viz. 407, to A. A again generates the INVITE with authentication header (say H2) and sends it to B2BUA.

Now my question is: 'What should be the implementation in A regarding the Authentication Header? Should A include only authentication header H2 in INVITE or both H1 and H2?'

In both cases, whether A includes H1 or H1 and H2 as Authentication Header in INVITE, what should be the implementation in B2BUA when it receives this INVITE from A, since B2BUA has already authenticated the caller, viz. A?

Is any RFC describing this scenario?

There is no RFC, because B2BUAs are largely unconstrained by RFCs. However, if you replace "B2BUA" with "proxy", the situation is specified by RFCs. (And A cannot distinguish the situation from a B2BUA, so it must use the same strategy.)

When A receives a second 407, it should only *add* authentication headers to the previous request, never remove them. That is because the authentication headers in the previous request usually will still be needed to pass through the earlier stages of the path.

Dale
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
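
The strategy in the reply above, as an added example that is not part of the original thread: a client-side store that keeps one Digest credential per realm and re-emits all of them on every retry, so a second 407 only adds a header. The realms, user name, passwords, nonces and URI are constructed, the class and function names are hypothetical, and only the no-qop MD5 form of Digest is computed.

```python
import hashlib
import re

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def parse_challenge(value):
    """Parse a 'Digest k="v", k=v' Proxy-Authenticate value into a dict."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("only Digest challenges are handled")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): q or u for k, q, u in pairs}

class CredentialStack:
    """Accumulates one Proxy-Authorization value per realm across 407s."""
    def __init__(self, accounts):
        self.accounts = accounts    # realm -> (username, password)
        self.challenges = {}        # realm -> latest challenge, arrival order

    def on_407(self, proxy_authenticate):
        ch = parse_challenge(proxy_authenticate)
        if ch["realm"] not in self.accounts:
            raise KeyError(f"no credentials for realm {ch['realm']!r}")
        # A fresh nonce for a known realm replaces only that realm's entry;
        # entries for other realms (earlier hops) are never dropped.
        self.challenges[ch["realm"]] = ch

    def headers(self, method, uri):
        out = []
        for realm, ch in self.challenges.items():
            user, pw = self.accounts[realm]
            ha1 = _md5(f"{user}:{realm}:{pw}")
            ha2 = _md5(f"{method}:{uri}")
            resp = _md5(f"{ha1}:{ch['nonce']}:{ha2}")   # no-qop Digest form
            out.append(
                f'Proxy-Authorization: Digest username="{user}", '
                f'realm="{realm}", nonce="{ch["nonce"]}", uri="{uri}", '
                f'response="{resp}", algorithm=MD5')
        return out

def demo():
    """Constructed two-hop flow: first 407 from the B2BUA, second from B."""
    creds = CredentialStack({"b2bua.example": ("alice", "pw-hop1"),
                             "ua-b.example": ("alice", "pw-hop2")})
    creds.on_407('Digest realm="b2bua.example", nonce="n1", algorithm=MD5')
    first = creds.headers("INVITE", "sip:bob@example.invalid")    # H1 only
    creds.on_407('Digest realm="ua-b.example", nonce="n2", algorithm=MD5')
    return first, creds.headers("INVITE", "sip:bob@example.invalid")  # H1 + H2
```

Keying on realm is what lets each hop pick out its own header and ignore the rest, and it is also how a re-challenge with a new nonce from the first hop updates H1 without touching H2.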
