Hi, No methodology is mentioned in the RFCs. There was an old draft which addressed some of these problems "draft-khartabil-sip-auth-analysis". You can get it from softarmor.com I do not know the status of this draft. I am copying this to Hisham, may be he can comment.
Cheers, Prasanna Mahipati Deshpande wrote: >Hi, > >Consider following scenario -- > > INVITE >UA ------------ > proxy A > 407 >UA <------------ proxy A > ACK >UA ------------> proxy A > > INVITE with credentials >UA ------------> proxy A > 100 trying >UA <------------ proxy A > >At this point proxy A validates credentials and >consumes Proxy-Authorization header. If this request >spiralled and comes back to proxy A, whether proxy >challenges again (because there is no >Proxy-Authorization header ) or it processes as if it >passed authentication? > >How proxy should act in this scenario? > >Thanks, >Mahipati Deshpande > >Mahipati Deshpande > > > >____________________________________________________ >Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com >_______________________________________________ >Sip-implementors mailing list >[email protected] >https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors > > > _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
