>> What changes do you want to make in the ALG that would invalidate the
>> authentication parameters?

"wendy" <[EMAIL PROTECTED]> writes:

> Here, there are 2 kinds of registration.
>
> The first is initiated by the private UA.
> The To header field contains the private user's AOR.
> The ALG modifies the Contact header field and forwards the SIP messages.
>
> The second is initiated by the ALG.
> The To header field also contains the private user's AOR.
> But the private UA does not sense the registration procedure.
>
> If the administrator does not set any necessary authentication
> parameter in the ALG in advance, can the ALG get necessary
> authentication parameters during the first kind of registration and
> use these parameters to implement the second kind of registration
> sometime in the future?

No, it can't. Digest authentication is specifically designed to
prevent an intermediary being able to do that - it's called a
man-in-middle attack.

You'll just have to rely on the first case to keep you registered;
since the Contact header is not protected by the digest hash, the ALG
can modify it without affecting the authentication.

-- 
Scott Lawrence
Pingtel Corp.

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
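
The two cases discussed above, as an added example that is not part of the original message: a registrar-side check showing that a rewritten Contact leaves the digest response valid, while a response observed in transit does not verify against a later challenge. It assumes RFC 2617 MD5 digest without qop and a registrar that issues a fresh nonce per challenge and accepts no other; all names, addresses and the password are constructed.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # needs the shared secret
    ha2 = md5_hex(f"{method}:{uri}")              # method and Request-URI only
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def registrar_accepts(request, password, issued_nonce):
    """Registrar check: recompute the response for the nonce it just issued."""
    auth = request["authorization"]
    if auth["nonce"] != issued_nonce:
        return False                               # stale or foreign nonce
    expected = digest_response(auth["username"], auth["realm"], password,
                               request["method"], auth["uri"], issued_nonce)
    return hmac.compare_digest(expected, auth["response"])

# Constructed sample values (assumptions, not from the original message).
USER, REALM, PASSWORD = "alice", "example.invalid", "constructed-secret"
URI = "sip:example.invalid"

def ua_register(nonce):
    """First kind: the private UA, which knows the password, answers a challenge."""
    response = digest_response(USER, REALM, PASSWORD, "REGISTER", URI, nonce)
    return {"method": "REGISTER", "to": f"sip:{USER}@{REALM}",
            "contact": "sip:alice@10.0.0.5:5060",
            "authorization": {"username": USER, "realm": REALM, "uri": URI,
                              "nonce": nonce, "response": response}}

def alg_rewrite_contact(request, public_contact):
    """ALG on the forwarding path: only Contact changes, Authorization is untouched."""
    return {**request, "contact": public_contact}

def alg_reuse_credentials(observed, new_nonce):
    """Second kind: the ALG holds only the observed response, not the password."""
    auth = {**observed["authorization"], "nonce": new_nonce}
    return {**observed, "authorization": auth}

def demo():
    forwarded = alg_rewrite_contact(ua_register("nonce-1"), "sip:alice@203.0.113.7:5060")
    first = registrar_accepts(forwarded, PASSWORD, "nonce-1")
    reused = registrar_accepts(alg_reuse_credentials(forwarded, "nonce-2"), PASSWORD, "nonce-2")
    verbatim = registrar_accepts(forwarded, PASSWORD, "nonce-2")  # old header sent unchanged
    return first, reused, verbatim
```

`demo()` returns the registrar's verdict for the forwarded UA registration, for the observed response paired with the new nonce, and for the old Authorization header sent unchanged.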
