I am sorry I am still puzzled. Since the Registrar verifies that the target in the ReqUri and the target in the digest-uri reference the same resource, the proxy must not modify the ReqUri before the message arrives on the Registrar. Right?
Thanks! Wendy ----- Original Message ----- From: "arunvenk" <[EMAIL PROTECTED]> To: "'wendy'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, December 17, 2003 1:23 PM Subject: RE: [Sip-implementors] question about registration > Wendy > You have understood it correctly. Use the Digest-uri for computing the > digest response. > However, as pointed out in the excerpt you have copied below, the > Registar should verify that the target in the ReqUri and the target in > the digest-uri reference the same resource. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of wendy > Sent: Tuesday, December 16, 2003 7:48 PM > To: Arunachalam Venkatraman > Cc: [EMAIL PROTECTED] > Subject: Re: [Sip-implementors] question about registration > > Thank you for your answer. > > You mean that the REGISTRAR should not check whether > the uri is same as the ReqUri but just calculate the response > using the uri the UA provides? > > But quoting from RFC2617: > The authenticating server must assure that the resource designated by > the "uri" directive is the same as the resource specified in the > Request-Line; if they are not, the server SHOULD return a 400 Bad > Request error. (Since this may be a symptom of an attack, server > implementers may want to consider logging such errors.) The purpose > of duplicating information from the request URL in this field is to > deal with the possibility that an intermediate proxy may alter the > client's Request-Line. This altered (but presumably semantically > equivalent) request would not result in the same digest as that > calculated by the client. > > And also in RFC2617: > digest-uri > The URI from Request-URI of the Request-Line; duplicated here > because proxies are allowed to change the Request-Line in transit. > > Are they inconsistent? And how should the REGISTRAR process the uri? > > Thanks. > -- > Wendy > > ----- Original Message ----- > From: "Arunachalam Venkatraman" <[EMAIL PROTECTED]> > To: "wendy" <[EMAIL PROTECTED]> > Sent: Wednesday, December 17, 2003 1:01 AM > Subject: RE: [Sip-implementors] question about registration > > > > Wendy > > The uri is set by the UA to the ReqUri in the REGISTER message. > > The ReqUri received by the REGISTRAR may be different because of a > proxy > > rewriting it. > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of wendy > > Sent: Tuesday, December 16, 2003 2:27 AM > > To: [EMAIL PROTECTED] > > Subject: [Sip-implementors] question about registration > > > > > > Hello, > > > > Normally, the UA adds the 'uri' parameter to the Authorization header > > and calculates a 'response' value from this 'uri' value and some other > > values. > > > > Can the server assign the value of this 'uri' parameter which the UA > must > > use > > in the Authorization header? > > > > Thanks a lot! > > -- > > Wendy > > > > _______________________________________________ > > Sip-implementors mailing list > > [EMAIL PROTECTED] > > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors > > _______________________________________________ > Sip-implementors mailing list > [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
