El Jueves, 11 de Febrero de 2010, Couret Tabt escribió: > In SIP, > > UAC -- P1 -- P2 --...--Pn--UAS > > If any Proxy(i.e.Px) hope that it would send back 407 to UAC, > the Px MUST have already exchanged a shared secret key with UAC > before. > > Am I right?
Not at all. There is no "shared secret exchange" in Digest authentication. Both, the UAC and the proxy requiring authentication, know the plain password of the UAC (or the proxy could just know the hashed HA1 field without knowing the exact plain password). So there is no "shared secret exchange" in SIP protocol. All of this is explained in RFC 2617. -- Iñaki Baz Castillo <[email protected]> _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
