Isn't there another case where in-dialog request may be authenticated: Sender of the request was authenticated during initial dialog setup and the next in-dialog request has the Authorization header, but the nonce has expired at the authenticating server/proxy and so it generates another nonce and issues a challenge to the sender of that request?
Sanjay >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On >Behalf Of Paul Kyzivat (pkyzivat) >Sent: Monday, January 28, 2008 9:11 AM >To: Steve Langstaff >Cc: SCG2; sip-implementors@lists.cs.columbia.edu >Subject: Re: [Sip-implementors] Challenging a sendonly INVITE > >The question is a little too narrow. The same issues apply to >any in-dialog request. > >Steve makes a good point. But practically speaking >authentication is rarely done on in-dialog requests. Bypassing >it assumes that the dialog id is only known to the parties on >the signaling path, even though this might not be true. > >In most cases, in the original scenario here Phone A would not >share a secret with Phone B that could be used for >authentication. So if Phone A > issues a challenge there is a strong likelihood that it will fail. >This wouldn't necessarily cause the call to fail, but wouldn't help. >BUT, if Phone A *does* issue a challenge like this, then of >course Phone B should properly respond to it if it has the >proper credentials to do so. > > Paul > >Steve Langstaff wrote: >> How do you know it *really* is phone B that is asking for the HOLD? >> >>> From: [EMAIL PROTECTED] >>> [mailto:[EMAIL PROTECTED] On >Behalf Of >>> SCG2 >>> >>> Is there any circumstance at all where it makes sense to >challenge an >>> INVITE which is putting a call on hold? >>> >>> I can find nothing in 3264 that suggests it, but wondered if: >>> >>> Phone A -> Phone B (in doing so phone A may have been authenticated) >>> >>> Phone B later goes to put phone A on hold >> >> _______________________________________________ >> Sip-implementors mailing list >> Sip-implementors@lists.cs.columbia.edu >> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors >> >_______________________________________________ >Sip-implementors mailing list >Sip-implementors@lists.cs.columbia.edu >https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
