400 Bad Request might not be appropriate as "Basic" is syntactically correct. I think 401/407 is the appropriate option.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, April 11, 2007 7:50 PM
To: [email protected]
Subject: Re: [Sip-implementors] Basic Authentication

   From: Mushtaq Ilyas <[EMAIL PROTECTED]>

   RFC 3261 states that SIP Servers must not accept or request Basic
   authentication. If a server were to receive a request with an
   authorization header using Basic authentication what would be an
   appropriate response?

It could send 400 Bad Request. But more likely, it would ignore any credentials that presented Basic authentication, in line with the general philosophy that authentication credentials that one does not understand one ignores. (There can be more than one set of credentials attached to a request.) After that, if the request did not have sufficient authentication, the server would send 401/407.

Dale

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
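The handling described in the thread (skip Basic credentials, evaluate any remaining Digest credentials, then answer 401 or 407), as an added example that is not part of the original messages or of any SIP stack. The realm, user store, fixed nonce and function names are assumptions made for illustration, and the Digest check is the RFC 2617 form without qop.

```python
import hashlib
import hmac
import re

REALM = "example.invalid"                 # constructed realm
USERS = {"alice": "s3cret"}               # constructed credential store
NONCE = "f84f1cec41e6cbe5aea9c8e88d359"   # constructed; a real server issues fresh nonces

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, method, uri, nonce, realm=REALM):
    """RFC 2617 Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def credentials(headers, name):
    """Yield (scheme, params) for each credential set carried in header `name`."""
    for hname, value in headers:
        if hname.lower() != name.lower():
            continue
        scheme, _, rest = value.strip().partition(" ")
        params = dict(re.findall(r'(\w+)\s*=\s*"?([^",]*)"?', rest))
        yield scheme.lower(), params

def authenticate(method, uri, headers, proxy=False):
    """Return (status, challenge); status 200 means a Digest credential verified."""
    name = "Proxy-Authorization" if proxy else "Authorization"
    for scheme, p in credentials(headers, name):
        if scheme != "digest":
            continue  # Basic or any other scheme: ignored, never evaluated
        password = USERS.get(p.get("username"))
        if password is None or p.get("realm") != REALM or p.get("nonce") != NONCE:
            continue
        expected = digest_response(p["username"], password, method, uri, NONCE)
        if hmac.compare_digest(expected.encode(), p.get("response", "").encode()):
            return 200, None
    # Nothing usable was presented: challenge with Digest only, never Basic.
    challenge = f'Digest realm="{REALM}", nonce="{NONCE}", algorithm=MD5'
    if proxy:
        return 407, ("Proxy-Authenticate", challenge)
    return 401, ("WWW-Authenticate", challenge)
```

A request carrying only Basic credentials is treated exactly like an unauthenticated one, so the password in the Basic header is never decoded or compared.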
