2010/6/3 Moloud Mousavi <[email protected]>: > Hello Iñaki, > > This is the explanation of cnonce in RFC 2617: > > cnonce > This MUST be specified if a qop directive is sent (see above), and > MUST NOT be specified if the server did not send a qop directive in > the WWW-Authenticate header field. The cnonce-value is an opaque > quoted string value provided by the client and used by both client > and server to avoid chosen plaintext attacks, to provide mutual > authentication, and to provide some message integrity protection. > See the descriptions below of the calculation of the responsedigest > and request-digest values. > > > It seems that cnonce existence is optional, but then If you want to calculate > the responseDigest, you have to consider that again. > > Assuming both the same: in fact I tried putting the same value for nonce and > cnonce, and it didn't work.
Where did you read that nonce and cnonce have to be equal? > If my question is trivial, why do "YOU" bother to put time to answer me back, > leave it to someone else. First of all, this maillist is not the place to ask trivial or non trivial questions about already approved specifications for SIP protocol, use sip-implementors instead. Second: you should be not so rude with people trying to help you. -- Iñaki Baz Castillo <[email protected]> _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is essentially closed and only used for finishing old business. Use [email protected] for questions on how to develop a SIP implementation. Use [email protected] for new developments on the application of sip. Use [email protected] for issues related to maintenance of the core SIP specifications.
