On Fri, 2009-12-04 at 11:13 -0500, Dale Worley wrote: > On Fri, 2009-12-04 at 10:58 -0500, Scott Lawrence wrote: > > On Fri, 2009-12-04 at 10:46 -0500, Dale Worley wrote: > > > > > > As for how to handle it, the bridge should reflect the authentication > > > challenge back to its incoming side, so the caller can provide > > > authentication (if possible). > > > > No... not for ITSP connections at least - there's no way that a call > > from the PSTN is going to have credentials. The call should fail, > > probably with a 403 response that has text explaining that authorization > > is required by the internal proxy. > > It seems to me that sending a 401/407 back is a good strategy: (1) It > unambiguously shows that authorization is required by the proxy (or some > other component of the terminating system). (2) The bridge doesn't have > to figure out whether the originating system is an ITSP (to be given a > 403) or an external SIP system (to be given the 401/407). > > A 403 response would be better if we know that there are originating > systems that handle 403 failures in a better way than they handle > 401/407 failures.
This has to be put in context: that the mission of sipXbridge is to interface to ITSPs and other lame systems that require hacks like registration for the domain and intercepting REFER, _not_ to be a general purpose interface to other SIP systems (we want those to go direct to sipXproxy, which _would_ just return the challenge responses). _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
