Brett Tate wrote:
>> Question is have Linksys any reason to not send second PRACK
>> after 401 unauthorized?
>
> No. However RFC 3262 has some wording issues concerning rejecting PRACK.
> Some vendors interpreted RFC 3262 as though a PRACK must be accepted and
> failure responses like 401 and 488 can still satisfy completion of the 100rel
> mechanism.
>
> The following draft highlights some issues concerning returning failure
> responses (such as 488) to PRACK:
>
> http://tools.ietf.org/wg/sipping/draft-ietf-sipping-sip-offeranswer/

This case is a poster child for why it makes no sense to say a request can't fail. If authorization fails then the request must fail.

I agree it would be helpful to have more info about the messages. In particular, the Supported/Required headers of all the messages. I am presuming that the 183 must have had Require: 100rel in order for the PRACK to be sent.

I would *expect* in this case that the nonce in the 401 would have allowed the UAC to preemptively include working credentials in both message 5 and message 8, so that message 8 would not have to be challenged. Of course the UAC may not be clever enough to do so preemptively, but it would be better if it did.

I know a lot of systems only do authorization on out-of-dialog requests. But if you are going to operate over UDP that really isn't adequate. Doing authorization on in-dialog messages, as the UAS seems to be doing here, is more robust. It also points out the importance of caching the necessary info to preemptively include authorization in the subsequent in-dialog requests.

Thanks,
Paul

_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
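
The caching described in the message above, as an added example that is not part of the original post: a UAC stores the realm and nonce from the 401 and reuses them, with an incremented nonce count, on later in-dialog requests such as the PRACK. It assumes an RFC 2617 MD5 challenge with qop=auth; the class name `DialogAuthCache`, the credentials, URIs and nonce are constructed for illustration.

```python
import hashlib

def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for algorithm=MD5, qop=auth."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DialogAuthCache:
    """Hypothetical per-dialog store for the most recent digest challenge."""

    def __init__(self, user, password):
        self.user, self.password = user, password
        self.realm = self.nonce = None
        self.nc = 0

    def on_challenge(self, realm, nonce):
        # Called when a 401 arrives; a fresh nonce restarts the nonce count.
        self.realm, self.nonce, self.nc = realm, nonce, 0

    def authorization(self, method, uri, cnonce):
        # Returns None until a challenge has been seen, so the caller sends
        # the request without credentials and waits for the 401.
        if self.nonce is None:
            return None
        self.nc += 1
        nc = f"{self.nc:08x}"
        resp = digest_response(self.user, self.realm, self.password,
                               method, uri, self.nonce, nc, cnonce)
        return (f'Digest username="{self.user}", realm="{self.realm}", '
                f'nonce="{self.nonce}", uri="{uri}", qop=auth, nc={nc}, '
                f'cnonce="{cnonce}", response="{resp}"')

def demo():
    # All values below are constructed sample data.
    cache = DialogAuthCache("alice", "s3cret")
    first = cache.authorization("INVITE", "sip:bob@example.com", "c1")
    cache.on_challenge("example.com", "a1b2c3d4")  # taken from the 401
    invite = cache.authorization("INVITE", "sip:bob@example.com", "c2")
    prack = cache.authorization("PRACK", "sip:bob@192.0.2.10", "c3")
    return first, invite, prack

if __name__ == "__main__":
    for header in demo():
        print(header)
```

If the UAS answers the reused nonce with a new challenge, calling `on_challenge` again replaces the cached nonce and resets the count.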