From: Mushtaq Ilyas <[EMAIL PROTECTED]> So that means that I (Proxy Server) will never get a request (containing authorization header) from a client that I have not challenged before?
That is true, if the client is behaving correctly. But if the server was restarted, it may not remember that it challenged the client in the past. In practice, the server has to be prepared to see authorization headers from clients that it does not expect them from. Dale _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
