On Fri, 2009-12-04 at 10:58 -0500, Scott Lawrence wrote: > On Fri, 2009-12-04 at 10:46 -0500, Dale Worley wrote: > > > > As for how to handle it, the bridge should reflect the authentication > > challenge back to its incoming side, so the caller can provide > > authentication (if possible). > > No... not for ITSP connections at least - there's no way that a call > from the PSTN is going to have credentials. The call should fail, > probably with a 403 response that has text explaining that authorization > is required by the internal proxy.
It seems to me that sending a 401/407 back is a good strategy: (1) It unambiguously shows that authorization is required by the proxy (or some other component of the terminating system). (2) The bridge doesn't have to figure out whether the originating system is an ITSP (to be given a 403) or an external SIP system (to be given the 401/407). A 403 response would be better if we know that there are originating systems that handle 403 failures in a better way than they handle 401/407 failures. Dale _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
