anybody having answer??
I want this answer desperately.....please....

Regards,
Vineet Menon

On 23 November 2011 11:57, Vineet Menon <[email protected]> wrote:

> Hi,
>
> I was going through RFC 4474 and noticed that it has some trouble in dealing
> with authentication in REQUEST and CANCEL message.
> Has anyone gone through RFC 4474 and noticed why REQUEST and CANCEL message
> cannot be authenticated by the method suggested by RFC 4474?
>
> RFC 4474 says, pp. 16.
>
> > Note, in the table above, that this mechanism does not protect the CANCEL
> > method. The CANCEL method cannot be challenged, because it is hop-by-hop, and
> > accordingly authentication service behavior for CANCEL would be significantly
> > limited. Note as well that the REGISTER method uses Contact header fields in
> > very unusual ways that complicate its applicability to this mechanism, and the
> > use of Identity with REGISTER is consequently a subject for future study,
> > although it is left as optional here for forward-compatibility reasons.
> > The Identity and Identity-Info header MUST NOT appear in CANCEL.
>
> CANCEL message unauthenticated can only be a threat for a certain duration
> after the REQUEST message has been sent and before ACK arrives. So it might
> be less of a threat.
> But REQUEST message unauthenticated can cause potential problem, as RFC
> states that REQUEST uses contact headers in unusual ways, as far as I know,
> it just has the FROM and TO headers same. But why is this causing problem
> in implementing this technique to it?
>
> Any help would be appreciated.
>
> Regards,
>
> Vineet Menon

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
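
The rule in the RFC 4474 text quoted above (Identity and Identity-Info MUST NOT appear in CANCEL, and are left optional on REGISTER), written as a check over SIP requests. This is an added example and not part of the original thread; the function names, verdict strings and sample messages are constructed for illustration, and the compact forms `y` and `n` are taken from the RFC 4474 header registrations.

```python
import re

# Compact header forms registered by RFC 4474: "y" = Identity, "n" = Identity-Info.
COMPACT = {"y": "identity", "n": "identity-info"}
IDENTITY_HEADERS = {"identity", "identity-info"}

def parse_request(raw):
    """Return (method, set of lowercased header names) for a SIP request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.split("\n")
    m = re.match(r"([A-Z]+) \S+ SIP/2\.0$", lines[0].strip())
    if not m:
        raise ValueError("not a SIP request line: %r" % lines[0])
    names = set()
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if sep:
            name = name.strip().lower()  # header names are case-insensitive
            names.add(COMPACT.get(name, name))
    return m.group(1), names

def audit_identity(raw):
    """Classify a request against the RFC 4474 text quoted in the thread."""
    method, names = parse_request(raw)
    present = sorted(IDENTITY_HEADERS & names)
    if method == "CANCEL":
        verdict = "violation" if present else "ok"   # MUST NOT appear in CANCEL
    elif method == "REGISTER":
        verdict = "optional" if present else "ok"    # left optional by the RFC
    else:
        verdict = "signed" if present else "unsigned"
    return verdict, present

# Constructed sample messages (not captured traffic).
CANCEL_BAD = ("CANCEL sip:bob@example.org SIP/2.0\r\n"
              "CSeq: 314159 CANCEL\r\n"
              "IDENTITY: constructed-signature-placeholder\r\n"
              "n: <https://example.org/cert>\r\n"
              " ;alg=rsa-sha1\r\n\r\n")
CANCEL_OK = "CANCEL sip:bob@example.org SIP/2.0\r\nCSeq: 314159 CANCEL\r\n\r\n"
REGISTER = ("REGISTER sip:example.org SIP/2.0\r\n"
            "Contact: <sip:bob@192.0.2.4>\r\n"
            "y: constructed-signature-placeholder\r\n\r\n")

if __name__ == "__main__":
    for msg in (CANCEL_BAD, CANCEL_OK, REGISTER):
        print(audit_identity(msg))
```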
