> Hi All,
> I have a doubt with regard to the following scenario:
>
> UserAgent
> | INVITE Cseq:1
> |<==================================
> | CANCEL Cseq:1
> |<==================================
> | 401 (CANCEL) Cseq:1
> |==================================>
> | CANCEL with Authorization Cseq:1
> |<==================================
> | 401 (CANCEL) Cseq:1 (WRONG !!)
> |==================================>
>
>
> Since the CANCEL (with Authorization header) is resent with the
> same Cseq as the original (unauthorized) CANCEL, the remote
> retransmission logic mistakes it to be a retransmission of original
> CANCEL, and hence retransmits the 401.
>
> Should the CANCEL with Auth be sent with a higher Cseq ?
> As per the draft, the Cseq of the CANCEL should always match
> that of the INVITE that it is cancelling. How should this case be handled
> at the UAS end?

Basically, you can't use the normal SIP authentication procedures
with CANCEL, since -- as you point out -- if you're challenged,
there's no room to manoeuvre. I would say the only possible
responses to a CANCEL are 200, 481, 400 (because it was garbled),
or 500 (because it got the server very upset for some bizarre
reason).

(Unfortunately, I'm by no means a security wizard, so I'm at a
loss to suggest alternative approaches.)

Cheers,
- Jo.
_______________________________________________
Sip-implementors mailing list
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
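
An added example, not part of the original thread: a UAS-side handler that follows the reply above by never challenging a CANCEL and answering only 200, 481 or 400 (500 is left to the server's own error path). The pending-INVITE table, the Call-ID and addresses, and the same-hop source check are assumptions of this example, not something either poster proposed.

```python
import re

# Constructed state: pending INVITE transactions keyed by (Call-ID, CSeq number),
# mapped to the source address the INVITE arrived from.
PENDING_INVITES = {("a84b4c76e66710@pc33.example.com", 1): ("192.0.2.10", 5060)}
CSEQ_RE = re.compile(r"^(\d+)\s+([A-Z]+)$")

def parse_request(raw):
    """Return (method, headers) for a raw SIP request; header names lowercased."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method = head[0].split(" ", 1)[0]
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers

def respond_to_cancel(raw, source, pending=PENDING_INVITES):
    """Choose the status code for a CANCEL. Never 401: the re-sent CANCEL must
    reuse the INVITE's CSeq number, so it would look like a retransmission."""
    method, headers = parse_request(raw)
    m = CSEQ_RE.match(headers.get("cseq", ""))
    call_id = headers.get("call-id")
    if method != "CANCEL" or not m or m.group(2) != "CANCEL" or not call_id:
        return 400  # garbled request
    key = (call_id, int(m.group(1)))
    if key not in pending:
        return 481  # no INVITE transaction with this Call-ID and CSeq number
    # Assumption of this example: instead of a digest challenge, accept the
    # CANCEL only from the hop that sent the INVITE; any Authorization is ignored.
    if pending[key] != source:
        return 481
    return 200

def make_cancel(cseq, extra=""):
    """Build a constructed CANCEL for the sample dialog above."""
    return ("CANCEL sip:bob@example.com SIP/2.0\r\n"
            "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
            f"CSeq: {cseq}\r\n{extra}\r\n")
```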