On Wed, 2009-07-29 at 16:13 +0200, Iñaki Baz Castillo wrote:
> Wow! what could I reply now...?

(I keep that reply around in canned form - it comes up now and then)

> Ok, if it would be a "MUST" you'd convince me XD (joking)
>
> However, it'd also work even if the client uses a different
> call-id/from-tag in the second INVITE (with credentials). For example,
> a proxy doesn't store the "failed dialog status" so when it receives an
> INVITE with credentials it doesn't check call-id/from-tag values
> against a previous attempt.

Not with our system (sipXecs). In order to make replay attacks more difficult, the nonce that sipXecs returns is cryptographically bound to the call-id and the from tag; if you change those for the next try, you'll get another 401.
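
An added example, not part of the original message and not sipXecs code: one way a server can bind a stateless digest nonce to the Call-ID and From tag, so that a retry with different values is challenged again. The nonce layout (timestamp plus HMAC-SHA256), the key, the lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: random per-server key in practice
NONCE_LIFETIME = 300                 # assumption: seconds a nonce stays valid


def _mac(ts_hex, call_id, from_tag):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different MACs.
    parts = (ts_hex.encode(), call_id.encode(), from_tag.encode())
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_nonce(call_id, from_tag, now=None):
    """Nonce for the 401 challenge: 8 hex digits of issue time + MAC over the ids."""
    ts = format(int(time.time() if now is None else now), "08x")
    return ts + _mac(ts, call_id, from_tag)


def check_nonce(nonce, call_id, from_tag, now=None):
    """Classify a nonce echoed in Authorization: 'ok', 'stale' or 'mismatch'."""
    ts, mac = nonce[:8], nonce[8:]
    try:
        issued = int(ts, 16)
    except ValueError:
        return "mismatch"
    expected = _mac(ts, call_id, from_tag)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "mismatch"  # other Call-ID/From tag, or forged: send a new 401
    now = time.time() if now is None else now
    if not 0 <= now - issued <= NONCE_LIFETIME:
        return "stale"     # right dialog, but too old: 401 with stale=true
    return "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real trace.
    n = make_nonce("a84b4c76e66710", "1928301774")
    print(check_nonce(n, "a84b4c76e66710", "1928301774"))  # same dialog ids
    print(check_nonce(n, "fresh-call-id", "1928301774"))   # changed Call-ID
```

Because the server recomputes the MAC from the request's own Call-ID and From tag, it needs no stored record of the failed first attempt.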