[SIPForum-discussion] Authorization and forking

Sonja Belic sonja.belic at zesium.com
Fri Jul 27 11:47:12 UTC 2007


Hi all,
I encountered some problems in understanding Digest Authentication in 
the case of forking.
RFC 3261 states the following:

" /It is possible for multiple challenges associated with the same realm
   to appear in the same 401 (Unauthorized) or 407 (Proxy Authentication
   Required).  This can occur, for example, when multiple proxies within
   the same administrative domain, which use a common realm, are reached
   by a forking request.  When it retries a request, a UAC MAY therefore
   supply multiple credentials in Authorization or Proxy-Authorization
   header fields with the same "realm" parameter value.  The same
   credentials SHOULD be used for the same realm/."

Do the credentials mentioned in the last line ("/same credentials SHOULD 
be used for the same realm/") refer

   1. only to username and password or
   2. to all credential parameters ( nonce, response, ... ) ?


If a UAC, for instance, receives three challenges with the same realm, I 
presume they will all have different nonce values.

   1. So, in the first case, the UAC will calculate three different
      responses for the same /realm/ value and send a request with three
      different Authorization or Proxy-Authorization header fields.  If
      this is the case, how do we know which of these credentials we
      should cache and put in the next message?
   2. In the second case, all three Authorization or Proxy-Authorization
      header fields would be the same, so only one proxy would accept the
      credentials. This solution doesn't make much sense to me.


Thanks in advance.
Sonja

-- 
Sonja Belic
Software Development & Testing
---
"ZESIUM mobile" d.o.o.
Valentina Vodnika 8/9
21000 Novi Sad
Serbia

Tel: +381 (0)21 472 15 48
Fax: +381 (0)21 472 15 49
Mob: +381 (0)64 150 80 90

E-mail: sonja.belic at zesium.com
Web: www.zesium.com
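
An added example, not part of the original post: assuming the first reading in the question (same username and password, a separate response per nonce), it computes one set of RFC 2617 MD5 digest credentials for each challenge carried in a single forked 407. The realm, nonces, user, password and URI are constructed sample values, and the function names are illustrative.

```python
import hashlib
import re
import secrets

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def parse_challenge(value):
    """Parse one 'Digest k="v", ...' challenge header value into a dict."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {k.lower(): quoted or token for k, quoted, token in pairs}

def credentials_for(ch, user, password, method, uri, cnonce=None, nc="00000001"):
    """Compute the credentials (RFC 2617, MD5) answering one challenge."""
    ha1 = md5_hex(f"{user}:{ch['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    cred = {"username": user, "realm": ch["realm"], "nonce": ch["nonce"], "uri": uri}
    if "auth" in [q.strip() for q in ch.get("qop", "").split(",")]:
        cnonce = cnonce or secrets.token_hex(8)
        cred.update(qop="auth", nc=nc, cnonce=cnonce)
        cred["response"] = md5_hex(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    else:  # challenge without qop: RFC 2069-compatible form
        cred["response"] = md5_hex(f"{ha1}:{ch['nonce']}:{ha2}")
    if "opaque" in ch:
        cred["opaque"] = ch["opaque"]  # echoed back unchanged
    return cred

def answer_all(challenge_values, user, password, method, uri):
    """One credentials set per challenge; same user/password for a shared realm."""
    return [credentials_for(parse_challenge(v), user, password, method, uri)
            for v in challenge_values]

# Constructed sample: three Proxy-Authenticate values from one forked 407,
# same realm, different nonces (realm, nonces, user and URI are made up).
CHALLENGES = [
    'Digest realm="example.com", nonce="nonceA1", qop="auth"',
    'Digest realm="example.com", nonce="nonceB2", qop="auth"',
    'Digest realm="example.com", nonce="nonceC3"',
]

if __name__ == "__main__":
    for c in answer_all(CHALLENGES, "alice", "secret", "INVITE", "sip:bob@example.com"):
        print("Proxy-Authorization: Digest " + ", ".join(
            f"{k}={v}" if k in ("qop", "nc") else f'{k}="{v}"' for k, v in c.items()))
```

Each output header carries the nonce of the challenge it answers, so a proxy can pick out the credentials computed against its own nonce even though all three share one realm.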
