< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] Register challenged with 407, why not 401?


Please (let me repeat Please, Please, Please, Please, Please) don't get wrapped around 401 vs 407.

There is nothing the recipient of such a response can do differently based on the difference between those codes.
They can't even use them to tell to look for the www- or proxy- form of the challenge header fields because
proxies have to aggregate the challenges from multiple forks - a response of either type might have headers of
both types by the time it makes it to the UA. Said another way, an endpoint receiving a 401 or a 407 has to look for 
multiple instances of BOTH FORMS.

It really doesn't matter what something in the middle sends. As a UA you can't tell what it was and you definitely mustn't care.

When we have the opportunity to rev the spec again, I'll be working hard to deprecate one or the other of those codes.

RjS

On Oct 30, 2006, at 5:25 PM, Steven Coule wrote:

We noticed at SIPit that a number of UACs did not cope with having their REGISTER challenged with 407 Proxy-authenticate, but instead expected 401 Unauthorised.

 

Dum/ServerAuthmanager.cxx seems to have 407 hard-coded …

 

Does anyone have any strong feelings as to why this is the case? Should we really be sending a 401 when not acting as a proxy?  (Our app is a B2BUA).


Thanks,

 

Steve Coule


Envox UK Ltd

_______________________________________________
resiprocate-devel mailing list