2011/12/14 Worley, Dale R (Dale) <[email protected]>: > *If* the nonce value has not expired, the server would not challenge > the client. But the nonce might expire in a short while, so the > client needs to be prepared for authentication challenges unless it > has received a nonce within a few seconds.
Also, the server can decide when or why to expire the nonce, it could in fact expire it after its first usage. This avoids a famous SIP attack (I don't remember the name). -- Iñaki Baz Castillo <[email protected]> _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
