On 12/16/2011 06:34 AM, Olle E. Johansson wrote: > " > 15.4.1.3 > Unknown SIP-PBX Identity > The SP-SSE MUST issue a 404 Not Found response to a REGISTER request, if the > Registration AOR of the SIP-PBX is not found in its database. An SIP-PBX > receiving such a response to a REGISTER request MUST consider the > Registration attempt to have failed, and notify the SIP-PBX administrator if > possible through some means. The SIP-PBX SHOULD follow the backoff procedures > defined previously in Section 15.4.1.1. > " > > > This means that it will be easy to find accounts in a SIP connect compliant > service. If an account exists, I'll get an authentication response. Otherwise > I will get a 404. This is something we fixed in Asterisk a long time ago in > order to not make it easy to find existing accounts.
Indeed, and we continue to deal with additional cases where the response behavior differs between known and unknown AoRs or request URIs. I agree with Olle here, this provision of SIPconnect 1.1 should be modified to indicate that the SP-SSE MUST respond with an authentication challenge regardless of whether the AoR in the attempted registration is found in its database or not. Olle, do you want to take this to the SIPForum 'techwg' list? If not, I will. -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: [email protected] | SIP: [email protected] | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
