[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

      challenge        =  "Digest" digest-challenge

      digest-challenge  = 1#( realm | [ domain ] | nonce |
                          [ opaque ] |[ stale ] | [ algorithm ] |
                          [ qop-options ] | [auth-param] )

This means that there's a great deal of freedom in the way WWW-Authenticate
and Proxy-Authenticate headers are constructed which may lead to major
interop issues. We've seen some of this in the last SipIt.  For example the
header below is valid:

WWW-Authenticate: Digest realm="realm1", realm="realm2",
  nonce="aaaaaEF1ZyAxNCAxNTowNjoxNyBCU1QgMjAwMVtCQDZkMzJjNAaa", 
  nonce="rrrrrEF1ZyAxNCAxNTowNjoxNyBCU1QgMjAwMVtCQDZkMzJjNAaa", 
  opaque="bbbbbbFiYTAwMzgzYTY4MA==", stale=false, 
  algorithm=md5, algorithm=sha1, qop="auth, auth-int",
  Digest realm="realm3", realm="realm4",   
  nonce="aaaaaEF1ZyAxNCAxNTowNjoxNyBCU1QgMjAwMVtCQDZkMzJjNAaa", 
  opaque="ttttttFiYTAwMzgzYTY4MA==", stale=false, algorithm=sha1, qop="auth,
auth-int"

Questions:
1. Do you have a parser that can parse this header?
2. Can you explain the semantics of this header?
3. Shouldn't we restrict the way SIP messages use this syntax to a more
"canonic" form? 
4. If the answer to (3) is no: should we add this as a torture message?

Itamar Gilad
RADVISION
itamarg@radvision.com               24 Raul Wallenberg St.
tel: +972 3 7659938                 Building D
mob: +972 56 429938                 Tel-Aviv 69719
fax: +972 3 6472637                 Israel


_______________________________________________
Sip mailing list  http://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip