On 03/10/2011 03:09 PM, Joegen E. Baclor wrote: > On 03/10/2011 11:36 AM, Evgeniy Khramtsov wrote: >> From the RFC (3261 and 2617) it is unclear for me whether the "uri" >> parameter (aka digest-uri) in the WWW-Authorization or >> Proxy-Authorization header is case-insensitive or not. For instance, are >> URIs uri="sip:user@domain" and uri="sip:USER@domain" equal or not? >> <http://tools.ietf.org/html/rfc2617> > RFC 2617 is not specific about this. Although SIP treats user portion > of a uri as case insensitive, RFC 2617 seems to indicate that the > comparison between the digest uri is an opaque comparison against the > request-uri. I guess the principle "*Be strict in what you send, but > generous in what you receive*" applies here. But then this is a > security matter and some may argue that would be a bad idea. I would > be interested if someone can nail a text in an RFC somewhere that nails > this. > _______________________________________________
I stand corrected on this. RFC 3261 URI comparison has this sample SIP:[email protected];Transport=udp (different usernames) sip:[email protected];Transport=UDP So the two URI's are considered different. I originally thought that only the password is case sensitive in userinfo. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
