On Fri, 2006-06-16 at 14:14 -0500, Clinkert Jack-G3295C wrote:
> Are SIP authentication credentials typically cached across multiple
> dialogs? Seems (to me anyway) that RFC 3261 is vague on the subject.
> It is talked about in Section 22.2:
>
>    Once authentication credentials have been supplied
>    (either directly by the user, or discovered in an internal keyring),
>    UAs SHOULD cache the credentials for a given value of the To header
>    field and "realm" and attempt to re-use these values on the next
>    request for that destination. UAs MAY cache credentials in any way
>    they would like.
>
>
> Seems the benefit to cache credentials across multiple dialogs is to
> reduce traffic (can avoid the challenge/response messaging). Seems a
> drawback is that the "copy attack" risk associated with digest
> authentication is increased however. In other words, the longer cached
> credentials are allowed to be used, the greater the availability for an
> attacker to use them.

Caching the credentials refers to not prompting the user for them -
something few UAs do anyway.

Whether or not you must provide an Authorization or Proxy-Authorization
header in any given request is purely up to the server. Once you have a
challenge, there is nothing to prevent you from preemptively inserting the
authorization in subsequent messages in the dialog to prevent the extra
round-trip. Whether or not the server will accept those (when it decides
to send you a new nonce) is up to the server.

--
Scott Lawrence  tel:+1-781-938-5306;ext=162 or sip:[EMAIL PROTECTED]
  sipXpbx project coordinator - SIPfoundry http://www.sipfoundry.org/sipX
  Chief Architect - Pingtel Corp. http://www.pingtel.com/
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
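
Added example, not part of the original thread and not code from sipXpbx or any other project: a sketch of the exchange discussed above, in which a UA reuses a cached challenge preemptively and the server alone decides whether that nonce is still acceptable. The Server, Client and demo names, the 30-second nonce lifetime and all sample values are assumptions made for illustration; the response is computed as in RFC 2617 with qop=auth.

```python
import hashlib, hmac, secrets
def h(s):
    return hashlib.md5(s.encode()).hexdigest()  # MD5 is the RFC 2617 default

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth, as used by SIP digest authentication."""
    ha1 = h(f"{user}:{realm}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")

class Server:  # hypothetical server: it alone decides if a reused nonce is accepted
    def __init__(self, realm, users, nonce_ttl):
        # nonces maps nonce -> [issued_at, highest nonce-count seen]
        self.realm, self.users, self.ttl, self.nonces = realm, users, nonce_ttl, {}
    def challenge(self, now):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = [now, 0]
        return nonce
    def check(self, method, uri, a, now):
        state = self.nonces.get(a["nonce"])
        if state is None or now - state[0] > self.ttl:
            return "stale"   # re-challenge with stale=true; no user prompt needed
        if a["nc"] <= state[1]:
            return "replay"  # a copied header repeats an already-used nonce-count
        want = digest_response(a["user"], self.realm, self.users.get(a["user"], ""),
                               method, uri, a["nonce"], a["nc"], a["cnonce"])
        if not hmac.compare_digest(want, a["response"]):
            return "bad"
        state[1] = a["nc"]
        return "ok"

class Client:  # hypothetical UA caching the password and last challenge per realm
    def __init__(self, user, password):
        self.user, self.password, self.cache = user, password, {}
    def authorize(self, realm, method, uri, nonce=None):
        if nonce:
            self.cache[realm] = [nonce, 0]  # a fresh challenge resets the count
        entry = self.cache[realm]
        entry[1] += 1
        cn = secrets.token_hex(8)
        resp = digest_response(self.user, realm, self.password, method, uri, entry[0], entry[1], cn)
        return {"user": self.user, "nonce": entry[0], "nc": entry[1], "cnonce": cn, "response": resp}

def demo():
    uri = "sip:bob@example.invalid"  # constructed sample values throughout
    srv, ua = Server("example.invalid", {"alice": "pw"}, 30), Client("alice", "pw")
    first = ua.authorize(srv.realm, "INVITE", uri, nonce=srv.challenge(now=0))
    out = [srv.check("INVITE", uri, first, now=1), srv.check("INVITE", uri, first, now=2)]
    out.append(srv.check("BYE", uri, ua.authorize(srv.realm, "BYE", uri), now=10))
    out.append(srv.check("BYE", uri, ua.authorize(srv.realm, "BYE", uri), now=100))
    return out  # fresh, copied header, preemptive reuse, expired nonce
```

The nonce lifetime and the nonce-count check are the server-side controls that bound how long a copied Authorization header remains usable, independent of how long the UA caches the password.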
