< Previous by Date	Date Index	Next by Date >
	Thread Index	Next in Thread >

[reSIProcate] Helper::advancedAuthenticateRequest() and old nonces

From: Byron Campen <bcampen@xxxxxxxxxxxx>
Date: Tue, 11 Mar 2008 11:57:21 -0500

The code in Helper::advancedAuthenticateRequest() will return Failedif it sees a nonce it doesn't recognize as its own. Unfortunately,this is based on random bits generated at startup, meaning that if aresip-based server is restarted, it will cease to recognize thenonces it has issued, and will start 403ing every time one of themcomes in. This is less-than-desirable behavior. Would it be sane tojust treat this as an expired nonce, and issue a new challenge? Thiswouldn't give a malicious endpoint anything it couldn't have gottenalready. Getting a 401 vs a 403 tells the endpoint nothing new aboutthe nonce it just used (in fact, it gives _less_ information), and itcould have just sent a request with no credentials if it wanted tosee what nonce we would generate.


        Any thoughts?

Best regards,
Byron Campen

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Follow-Ups:
- Re: [reSIProcate] Helper::advancedAuthenticateRequest() and old nonces
  - From: Alexander Altshuler

Prev by Date: Re: [reSIProcate] Issue with contact URI of 200 OK for OPTIONS
Next by Date: Re: [reSIProcate] Setting specific profile on incoming INVITE dialog handle
Previous by thread: [reSIProcate] 1.3 release
Next by thread: Re: [reSIProcate] Helper::advancedAuthenticateRequest() and old nonces
Index(es):
- Date
- Thread