----- Original Message ----- From: "Paul Kyzivat" <[EMAIL PROTECTED]> To: "Mushtaq Ilyas" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Tuesday, April 10, 2007 5:34 PM Subject: Re: [Sip-implementors] Authentication and Authorization
> > > Mushtaq Ilyas wrote: > > Hello > > > > RFC 2617/3261 states that if a UAS/Proxy Server were to receive a request lacking the Authorization header they can challenge the sender using a 401 or 407 response. > > > > What if it all started with request that contained an Authorization header, how could the UAC have generated the header? I mean, how could it get the nonce value and hence generate the response field? > > > > Is that possible? > > If you have previously sent a request to the same destination (or proxy) > and been challenged, you may (should) retain the nonce and then use it > to preemptively add authentication information to future requests. This > will reduce your overall message count by more than half when dealing > with a destination that authenticates every request. Paul , isnt that nonce limited to a particuler transaction or call ?.further,if i add an Authorization Header in INVITE preemptively (insert nonce myselft ,response is calculated using that nonce),does server ,on receiving request,copmare the nonce to nonce it had for that tranaction OR it can compute the response using nonce in INVITE request.(this INVITE was not generated in response to 407,it was preeptive) ? Arslan > _______________________________________________ > Sip-implementors mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > > _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
