On Wed, 2008-12-17 at 10:54 -0500, Paul Mossman wrote: > Back to the original problem reported against CounterPath and Polycom, > XTRN-361: Phones fail to SUBSCRIBE. > > We believe that the UAs should not fail to respond to the UA challenge > received after a Proxy. > > It has been suggested to me that the second challenge could be viewed as > a failure of the first challenge. That is not my understanding, but I'd > like to put the possibility out there. > > Are we condfident that our behaviour is correct, and the behaviour of > both Polycom and CounterPath is wrong?
There has been a lot of discussion on the SIP mailing lists over the years, and it's always been accepted that a request may receive several challenges, one after the other. The only time a UAC *knows* it can give up is if it receives a challenge to a request, but the request contained all the credentials that the UAC could have provided that are relevant to the challenge. Determining that fact is actually rather messy, since there are two kinds of credentials (Authorizatin, and Proxy-Auth.), there are different realms, and there can be multiple nonces even for the same realm. Credentials are only guaranteed to be applicable if all 3 factors are correct. Also, if you look at RFC 3261, while it never states plainly that there can be multiple challenges, it does mention situations with several successive proxies chained together, in which multiple challenges would be normal. Dale _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
