Andreas Byström <[EMAIL PROTECTED]> writes:

> What to do if the proxy receives a different nonce than the one that
> it sent in a challenge? Would it just send a new 407 or should it
> send something else?
> Example
> Proxy A receives an Invite. A sends 407 back to UA with a challenge
> containing the nonce="12345". When A then receives the Invite again, there
> is a response to the challenge. But in that response the nonce is "123".
> Should A just send a new 407?

It's up to the server to decide whether or not the nonce it receives is acceptable to it. The server may use any criteria it likes for that decision. It can return a new challenge (407 for proxy authentication, or 401 for server authentication), or decide to accept the nonce as valid. If it doesn't like the nonce, it should return the 40[17].

If the nonce might once have been valid (such as one whose nc value is outside the range acceptable to the server, or one that is too old), the server has the option of computing whether or not the credentials used to construct the response value with that nonce were good, and if so return 'stale=true' to indicate that a retry using the same credentials and the new nonce should succeed, but it is not required to do that check.

--
Scott Lawrence
Pingtel Corp.
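The decision described in the reply above, as an added example that is not part of the original message or of any vendor's code: a proxy that recognises its own nonces, sends a plain 407 for a nonce it never issued, and sends `stale=true` only when an expired nonce came with good credentials. The nonce format (issue time plus HMAC), the secret, the lifetime, the sample credentials and the restriction to digest without qop (so no nc check) are assumptions made for this sketch.

```python
import hashlib
import hmac

SECRET = b"constructed-proxy-secret"  # assumption: key known only to this proxy
MAX_AGE = 300                         # assumption: nonce lifetime in seconds

def _mac(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]

def make_nonce(now):
    """Nonce = issue time plus a MAC, so the proxy can recognise it later without state."""
    ts = str(int(now))
    return f"{ts}:{_mac(ts)}"

def classify_nonce(nonce, now):
    """Return 'fresh', 'expired' (ours, but too old) or 'unknown' (never issued here)."""
    ts, _, mac = nonce.partition(":")
    if not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return "unknown"
    return "fresh" if now - int(ts) <= MAX_AGE else "expired"

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response value for the no-qop case: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def check_proxy_auth(creds, password, method, now):
    """Decide what to do with a request that carries Proxy-Authorization."""
    state = classify_nonce(creds["nonce"], now)
    if state == "unknown":
        return "407"                       # plain new challenge
    expected = digest_response(creds["username"], creds["realm"], password,
                               method, creds["uri"], creds["nonce"])
    good = hmac.compare_digest(expected.encode(), creds["response"].encode())
    if state == "expired":
        # Optional check: tell the UA that only the nonce was the problem.
        return "407 stale=true" if good else "407"
    return "accept" if good else "407"

if __name__ == "__main__":
    # Constructed sample: the mismatched nonce "123" from the question above.
    creds = {"username": "alice", "realm": "example.invalid", "uri": "sip:bob@example.invalid",
             "nonce": "123", "response": "0" * 32}
    print(check_proxy_auth(creds, "constructed-password", "INVITE", now=1_000_000))
```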
