
RE: [SIP] DNS SRV and authentication challenges



> -----Original Message-----
> From: Rich Schaaf [mailto:rschaaf@pingtel.com]

  [Description of problem deleted. Synopsis: DNS points to
   two servers with the same q-values; one issues a challenge
   and the other receives the response]
 
> So, if my reading of the spec is correct, the SIP client is behaving
> correctly.  The SIP proxy behavior and DNS configuration also seem
> reasonable.  However, the end result is that the call fails to get set
> up.
> 
> Please let me know if my reasoning is correct and I welcome any
> suggestions on what _should_ happen in this situation.

I would contend that, in these circumstances, you would
need to have some sort of coordination between these
"equivalent" nodes. They can share a back-end database
or a deterministic algorithm for generating challenges
based on, say, a synchronized clock.

(I'm not a security expert, so you might want to run
the second idea past someone who has a better idea of
what the implications of a deterministic challenge
algorithm might be if you intend to use it).

/a
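
One way to realise the second suggestion (a deterministic, clock-based challenge) without making the challenge predictable, as an added example that is not part of the original message: every equivalent proxy derives the nonce from the current time and a secret shared by all of them, so the server that receives the response can verify a challenge issued by the other without a back-end database. The secret, realm, nonce layout and 30-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample values: the secret is provisioned on every proxy behind the SRV name.
SHARED_SECRET = b"constructed-example-secret"
REALM = "example.invalid"
MAX_AGE = 30  # seconds a challenge stays valid; also bounds tolerated clock skew


def _mac(secret, realm, ts):
    # Keyed hash over the timestamp: without the secret the nonce cannot be
    # predicted or forged, even though the clock value is public.
    msg = f"{ts}:{realm}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_nonce(secret, realm, now=None):
    """Issue a challenge nonce of the form '<unix-time>:<HMAC(secret, time:realm)>'."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_mac(secret, realm, ts)}"


def check_nonce(nonce, secret, realm, now=None, max_age=MAX_AGE):
    """Validate a nonce issued by any proxy that holds the same secret."""
    now = int(time.time() if now is None else now)
    ts_text, sep, mac = nonce.partition(":")
    if not sep or not (ts_text.isascii() and ts_text.isdigit()):
        return "malformed"
    ts = int(ts_text)
    expected = _mac(secret, realm, ts)
    # Constant-time comparison on bytes avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "forged"
    if abs(now - ts) > max_age:
        return "stale"  # reply with a fresh challenge instead of failing the call
    return "ok"


if __name__ == "__main__":
    nonce = make_nonce(SHARED_SECRET, REALM)         # proxy A issues the challenge
    print(check_nonce(nonce, SHARED_SECRET, REALM))  # proxy B checks the response
```

A nonce built this way can be replayed by anyone who observes it until MAX_AGE expires, so the window should be kept short; enforcing single use or a nonce count would again require state shared between the proxies.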


_______________________________________________
Sip mailing list
Sip@ietf.org
http://www.ietf.org/mailman/listinfo/sip