inline... Clinkert Jack-G3295C <[EMAIL PROTECTED]> wrote: Are SIP authentication credentials typically cached across multiple dialogs? Seems (to me anyway) that RFC 3261 is vague on the subject. It is talked about in Section 22.2:
Once authentication credentials have been supplied (either directly by the user, or discovered in an internal keyring), UAs SHOULD cache the credentials for a given value of the To header field and "realm" and attempt to re-use these values on the next request for that destination. UAs MAY cache credentials in any way they would like. Seems the benefit to cache credentials across multiple dialogs is to reduce traffic (can avoid the challenge/response messaging). Seems a drawback is that the "copy attack" risk associated with digest authentication is increased however. In other words, the longer cached credentials are allowed to be used, the greater the availaibility for an attacker to use them. [Rama] I agree with u.. its purely a matter of balance between the overhead associated with non-cacheing compared to the benefits on the security front. So this i guess, this should be a call made by the operator and should be a flexible parameter from an implemenation stand-point. That way, you allow the operator to decide of how much non-cacheing he can bear (meaning,,how small of a cache time he can accomodate for,,which will provide for more security). What is the "industry" standard implementation? How do some of the more popular user agent toolkits handle this? Thanks _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors --------------------------------- Sneak preview the all-new Yahoo.com. It's not radically different. Just radically better. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
