
[Sip] Authentication and ACK



Hi,

RFC3261 says server must not challenge ACK. It also says that UACs
_will_ duplicate Authorization header of INVITE in ACK. I believe this
"will" strength is too weak. Think of a stateless proxy that performs
authentication. If it receives an ACK with no credentials, it knows it
should not challenge the ACK. But what does it do? It has two options
and it will have a hard time figuring out when to do what:

1. Drop it. But an ACK may be legitimately without credentials (like ACK
for 200) and should be sent along.

2. Proxy it. But the INVITE may have been challenged (ACK for 407) and
the UAS will receive ACK out of the blue. Not detrimental but certainly
not nice.

So I think the "will" requirement on UAC to include same Authorization
header as INVITE in ACK needs to be strengthened to "MUST" level.

Regards,

Shan Lu

sentitO Networks


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
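
The dilemma described in the message above, as an added example that is not part of the original post: a stateless authenticating proxy that only sees the request in front of it, checking RFC 2617 digest credentials (no qop). The account, nonce, URIs and all function names are constructed for illustration, and nonce freshness checking is left out.

```python
import hashlib, hmac, re
# Added example: constructed account, nonce and URI, not taken from the post.
USERS = {("alice", "example.test"): "s3cret"}
NONCE, URI = "constructed-nonce", "sip:bob@example.test"

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest(user, realm, password, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1, ha2 = md5(f"{user}:{realm}:{password}"), md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")

def parse(raw):
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    return lines[0].split(" ", 1)[0], headers

def check_credentials(method, headers):
    """None = no credentials, True/False = digest verified or not."""
    value = headers.get("proxy-authorization") or headers.get("authorization")
    if not value or not value.lower().startswith("digest "):
        return None
    p = dict(re.findall(r'(\w+)="([^"]*)"', value))
    password = USERS.get((p.get("username"), p.get("realm")))
    if password is None or not {"uri", "nonce", "response"} <= p.keys():
        return False
    # A copied header was computed for the INVITE, so verify an ACK with method INVITE.
    signed = "INVITE" if method == "ACK" else method
    want = digest(p["username"], p["realm"], password, signed, p["uri"], p["nonce"])
    return hmac.compare_digest(want, p["response"])

def decide(raw):
    method, headers = parse(raw)
    ok = check_credentials(method, headers)
    if ok:
        return "forward"
    if method != "ACK":
        return "challenge"
    # An ACK is never challenged; bare, it may answer a 200 or a challenged INVITE.
    return "drop" if ok is False else "ambiguous"

def request(method, branch, auth=""):
    return (f"{method} {URI} SIP/2.0\r\nVia: SIP/2.0/UDP ua.example.test;branch={branch}\r\n"
            f"CSeq: 1 {method}\r\n{auth}\r\n")

AUTH = ('Digest username="alice", realm="example.test", nonce="%s", uri="%s", response="%s"'
        % (NONCE, URI, digest("alice", "example.test", "s3cret", "INVITE", URI, NONCE)))
```

Calling `decide(request("ACK", "z9hG4bK-any"))` returns `"ambiguous"` whatever response the ACK answers, while the same ACK carrying `"Proxy-Authorization: " + AUTH + "\r\n"` returns `"forward"`.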