Brett Tate wrote:
>> The question is: does Linksys have any reason not to send a second PRACK
>> after the 401 Unauthorized?
> 
> No.  However, RFC 3262 has some wording issues concerning rejecting PRACK.
> Some vendors interpreted RFC 3262 as though a PRACK must be accepted and 
> failure responses like 401 and 488 can still satisfy completion of the 100rel 
> mechanism.
> 
> The following draft highlights some issues concerning returning failure 
> responses (such as 488) to PRACK:
> 
> http://tools.ietf.org/wg/sipping/draft-ietf-sipping-sip-offeranswer/

This case is a poster child for why it makes no sense to say a request 
can't fail. If authorization fails then the request must fail.

I agree it would be helpful to have more info about the messages. In 
particular, the Supported/Required headers of all the messages.
I am presuming that the 183 must have had Require: 100rel in order for 
the PRACK to be sent.

I would *expect* in this case that the nonce in the 401 would have 
allowed the UAC to preemptively include working credentials in both 
message 5 and message 8, so that message 8 would not have to be 
challenged. Of course the UAC may not be clever enough to do so 
preemptively, but it would be better if it did.

I know a lot of systems only do authorization on out-of-dialog requests. 
But if you are going to operate over UDP that really isn't adequate. 
Doing authorization on in-dialog messages, as the UAS seems to be doing 
here, is more robust. It also points out the importance of caching the 
necessary info to preemptively include authorization in the subsequent 
in-dialog requests.

        Thanks,
        Paul
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
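
Added example, not part of the original message or of any vendor's code: a sketch of the client-side caching described above, where the challenge from a 401 is kept and reused with an incrementing nonce count so that later in-dialog requests carry RFC 2617 Digest credentials up front. The class name, account, realm, nonce and URI are constructed for illustration, and it assumes the server challenged with MD5 and qop=auth.

```python
import hashlib
import os


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


class DigestCache:
    """UAC-side cache: keep the last challenge and reuse it on later requests."""

    def __init__(self, user, password):
        self.user, self.password = user, password
        self.challenge = None
        self.nc = 0

    def store_challenge(self, realm, nonce, qop="auth"):
        # Called on every 401/407; a new nonce restarts the nonce count.
        self.challenge = {"realm": realm, "nonce": nonce, "qop": qop}
        self.nc = 0

    def authorization(self, method, uri, cnonce=None):
        """Return an Authorization header value, or None if nothing is cached."""
        if self.challenge is None:
            return None
        c = self.challenge
        self.nc += 1  # must increase for every request sent with this nonce
        nc = f"{self.nc:08x}"
        cnonce = cnonce or os.urandom(8).hex()
        ha1 = _md5(f"{self.user}:{c['realm']}:{self.password}")
        ha2 = _md5(f"{method}:{uri}")  # the method is bound into the response
        response = _md5(f"{ha1}:{c['nonce']}:{nc}:{cnonce}:{c['qop']}:{ha2}")
        return (f'Digest username="{self.user}", realm="{c["realm"]}", '
                f'nonce="{c["nonce"]}", uri="{uri}", qop={c["qop"]}, '
                f'nc={nc}, cnonce="{cnonce}", response="{response}"')


def demo():
    # Constructed values: account, realm, nonce and URI are not from the thread.
    cache = DigestCache("alice", "constructed-password")
    cache.store_challenge("example.test", "constructed-nonce-0001")
    uri = "sip:bob@192.0.2.10"
    # Both in-dialog requests go out with credentials, no extra 401 round trip.
    return [cache.authorization(m, uri) for m in ("PRACK", "BYE")]


if __name__ == "__main__":
    for header in demo():
        print(header)
```

If the server still answers 401 (for example because it considers the nonce stale), the new challenge is passed to `store_challenge` and the request is retried.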