On 11-03-10 12:09 AM, Joegen E. Baclor wrote: > On 03/10/2011 11:36 AM, Evgeniy Khramtsov wrote: >> From the RFC (3261 and 2617) it is unclear for me whether the "uri" >> parameter (aka digest-uri) in the WWW-Authorization or >> Proxy-Authorization header is case-insensitive or not. For instance, are >> URIs uri="sip:user@domain" and uri="sip:USER@domain" equal or not? >> <http://tools.ietf.org/html/rfc2617> > > RFC 2617 is not specific about this. Although SIP treats user portion > of a uri as case insensitive, RFC 2617 seems to indicate that the > comparison between the digest uri is an opaque comparison against the > request-uri. I guess the principle "*Be strict in what you send, but > generous in what you receive*" applies here. But then this is a > security matter and some may argue that would be a bad idea. I would > be interested if someone can nail a text in an RFC somewhere that nails > this.
In most cases, wouldn't the domain be a DNS domain name anyway? In those cases, we should really treat domain as case-insensitive, since DNS is case-insensitive. -- Yves. http://www.SollerS.ca/ http://blog.zioup.org/ _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
