Thanks, that's pretty much what I've been assuming but as we don't issue challenges, only respond to them, that was all fairly new too - processing the nonce is trivial for the client. Got my head round it now and know what I'm going to do. Cheers all, Steve
-----Original Message----- From: Scott Lawrence [mailto:[EMAIL PROTECTED] Sent: 16 September 2008 14:18 To: Stephen Paterson Cc: [email protected] Subject: Re: [Sip-implementors] Calculating cnonce-value On Tue, 2008-09-16 at 13:06 +0100, Stephen Paterson wrote: > Hi all, > > Quick question. > Are there any recommended/suggested ways of generating a cnonce for > use with a RFC 2617 compliant UAC or is it just an arbitrary quoted string? > I've found plenty of info on nonce but not so much on cnonce and it > seems I can just pick any old string. > Any references much appreciated. All the advice on how to generate server nonce values applies to generating cnonce values. They server the same purpose but in opposite directions. Each cnonce value should be something that attacker would be unable to predict. Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales) P Please consider the environment and don't print this e-mail unless you really need to _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
