Wendy You have understood it correctly. Use the Digest-uri for computing the digest response. However, as pointed out in the excerpt you have copied below, the Registar should verify that the target in the ReqUri and the target in the digest-uri reference the same resource.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wendy Sent: Tuesday, December 16, 2003 7:48 PM To: Arunachalam Venkatraman Cc: [EMAIL PROTECTED] Subject: Re: [Sip-implementors] question about registration Thank you for your answer. You mean that the REGISTRAR should not check whether the uri is same as the ReqUri but just calculate the response using the uri the UA provides? But quoting from RFC2617: The authenticating server must assure that the resource designated by the "uri" directive is the same as the resource specified in the Request-Line; if they are not, the server SHOULD return a 400 Bad Request error. (Since this may be a symptom of an attack, server implementers may want to consider logging such errors.) The purpose of duplicating information from the request URL in this field is to deal with the possibility that an intermediate proxy may alter the client's Request-Line. This altered (but presumably semantically equivalent) request would not result in the same digest as that calculated by the client. And also in RFC2617: digest-uri The URI from Request-URI of the Request-Line; duplicated here because proxies are allowed to change the Request-Line in transit. Are they inconsistent? And how should the REGISTRAR process the uri? Thanks. -- Wendy ----- Original Message ----- From: "Arunachalam Venkatraman" <[EMAIL PROTECTED]> To: "wendy" <[EMAIL PROTECTED]> Sent: Wednesday, December 17, 2003 1:01 AM Subject: RE: [Sip-implementors] question about registration > Wendy > The uri is set by the UA to the ReqUri in the REGISTER message. > The ReqUri received by the REGISTRAR may be different because of a proxy > rewriting it. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of wendy > Sent: Tuesday, December 16, 2003 2:27 AM > To: [EMAIL PROTECTED] > Subject: [Sip-implementors] question about registration > > > Hello, > > Normally, the UA adds the 'uri' parameter to the Authorization header > and calculates a 'response' value from this 'uri' value and some other > values. > > Can the server assign the value of this 'uri' parameter which the UA must > use > in the Authorization header? > > Thanks a lot! > -- > Wendy > > _______________________________________________ > Sip-implementors mailing list > [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
