If the proxy is the endpoint of the request, it should use www_auth.
If the proxy is an intermediate hop, it should use proxy_auth.
Thus, usually you use:
- www_auth for REGISTER
- proxy_auth for INVITE, BYE, MESSAGE, ...
I'm a little bit unsure how to challenge PUBLISH and SUBSCRIBE as they
might be terminated in the proxy (pa module) or in the client (end2end
presence).

My personal opinion: authentication of out-of-dialog messages is a must.
Authentication of in-dialog requests should be relaxed due to broken
clients.

regards
klaus

Chris St Denis wrote:
Seems pointless to challenge an ACK.
Anyway, with ACK and BYE are they supposed to get proxy or www challenge?
-----Original Message-----
From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
Sent: Tuesday, August 23, 2005 3:25 PM
To: Chris St Denis
Cc: 'Thomas Britis'; serusers(a)lists.iptel.org
Subject: Re: [Serusers] www_challange and proxy_challange
Chris St Denis wrote:
www_authorize/www_challenge should be used in
register.
proxy_authorize/proxy_challenge in invite.
I don't see any need for the www_authorize in invite and I don't think any
messages other than register and invite support authentication.
All SIP messages except CANCEL can be challenged. But due to broken SIP
clients it is sometimes better to not authenticate BYE and ACK.
regards
klaus
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On
Behalf Of Thomas Britis
Sent: Tuesday, August 23, 2005 12:16 PM
To: serusers(a)lists.iptel.org
Subject: [Serusers] www_challange and proxy_challange
Hi all,

Is it sane to use:

    if (uri==myself) {
        if (method=="REGISTER") {
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                break;
            };
        } else {
            if (!www_authorize("", "subscriber")) {
                if (!proxy_authorize("", "subscriber")) {
                    proxy_challenge("", "0");
                    break;
                };
            };
        };
    };

Or does anything here appear to be wrong?

Thank you.
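
The split described at the top of this thread, written out as a SER 0.9-style route block. This is an added example, not code from any of the posters or from the SER project. It assumes the auth, auth_db, sl, rr, tm and registrar modules are loaded, that "location" is the registrar table name, and that a request carrying a Route header can be treated as in-dialog.

```cfg
route {
    # In-dialog requests: relaxed, per the thread's remark about broken
    # clients. Assumption: loose_route() succeeding means "in-dialog".
    # Anything that arrives with a Route header skips authentication
    # on this branch, so keep it only if that trade-off is acceptable.
    if (loose_route()) {
        t_relay();
        break;
    };

    # CANCEL cannot be challenged, and challenging ACK is pointless
    # because ACK has no response that could carry the challenge.
    if (method=="CANCEL" || method=="ACK") {
        t_relay();
        break;
    };

    # Proxy is the endpoint of the request (registrar):
    # www_auth, i.e. a 401 with WWW-Authenticate.
    if (method=="REGISTER") {
        if (!www_authorize("", "subscriber")) {
            www_challenge("", "0");
            break;
        };
        save("location");
        break;
    };

    # Proxy is an intermediate hop (INVITE, BYE, MESSAGE, ...):
    # proxy_auth, i.e. a 407 with Proxy-Authenticate.
    if (!proxy_authorize("", "subscriber")) {
        proxy_challenge("", "0");
        break;
    };

    # Strip the verified credentials before forwarding so the next
    # hop never sees the digest response.
    consume_credentials();
    record_route();
    t_relay();
}
```

PUBLISH and SUBSCRIBE are left on the proxy_auth path here; the thread leaves open which challenge they should get when the proxy terminates them.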