Lawrence, Scott (BL60:9D30) wrote: > On Mon, 2008-12-15 at 10:57 -0500, Nair, Arjun (CAR:9D30) wrote: >> Worley, Dale (BL60:9D30) wrote: >>> On Mon, 2008-12-15 at 18:25 +0530, Chaitra wrote: >>>> 1. XECS-2026 Phones fail to SUBSCRIBE >>> This issue (now moved to XTRN-361) might be a problem -- the Polycom >>> (3.1.0) and SMC (Counterpath) phones don't respond correctly to the new >>> authentication challenges to SUBSCRIBEs. Viz., when the proxy responds >>> 407, they add a Proxy-Authorization header, but when the status server >>> responds to the second request with 401, they do not retry with an added >>> Authorization header. (LG-Nortel 68xx phones handle the situation >>> correctly.) >>> >>> This is clearly a phone problem, but it is probably going to become a >>> blocker soon. What should we do? >>> >>> I've assigned the issue to Paul M. because I think he's the closest to >>> the phone vendors, but there might be a better assignment. >>> >>> Dale >> If the proxy is already authorizing the request, could we not just >> check the p-asserted identity signature in the message instead of >> challenging it again? > > As long as the PAI header signature is associated with the callid I see > no reason not to... is the PAI signature time-limited? > > (let's move this to sipx-dev) >
AFAIK, the caller of function isNonceValid() choses how long the nonce should be considered valid (in the case of sipXproxy, 5mins = PAI signature validity). But, now come to think of it, the PAI authentication will not kick in for for in-dialog SUBSCRIBEs.. Which means, in-dialog SUBSCRIBEs reaching the status server will not have a PAI header, and this method won't apply.. Arjun _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
