Best regards, Byron Campen
Hi,

I believe that the code below will allow any server to recognize nonces between restarts.

    BasicNonceHelper* myNonceHelper = new BasicNonceHelper();
    myNonceHelper->setPrivateKey( Data( "yourServerPrivateKey" ) );
    Helper::setNonceHelper( myNonceHelper );

With best regards
Alexander Altshuler
http://xeepe.com

-----Original Message-----
From: resiprocate-devel-bounces@xxxxxxxxxxxxxxx [mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxx] On Behalf Of Byron Campen
Sent: Tuesday, March 11, 2008 7:57 PM
To: resiprocate-devel
Subject: [reSIProcate] Helper::advancedAuthenticateRequest() and old nonces

The code in Helper::advancedAuthenticateRequest() will return Failed if it sees a nonce it doesn't recognize as its own. Unfortunately, this is based on random bits generated at startup, meaning that if a resip-based server is restarted, it will cease to recognize the nonces it has issued, and will start 403ing every time one of them comes in. This is less-than-desirable behavior.

Would it be sane to just treat this as an expired nonce, and issue a new challenge? This wouldn't give a malicious endpoint anything it couldn't have gotten already. Getting a 401 vs a 403 tells the endpoint nothing new about the nonce it just used (in fact, it gives _less_ information), and it could have just sent a request with no credentials if it wanted to see what nonce we would generate.

Any thoughts?

Best regards,
Byron Campen
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
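An added example, not part of the original messages and not reSIProcate code: a Python model of the two options discussed in this thread, a nonce key made of random bits at startup versus a configured private key, and answering an unrecognized nonce as stale (401 with a new challenge) instead of failed (403). The NonceHelper class, its nonce format (timestamp plus HMAC-SHA256), MAX_AGE and the unknown_is_stale flag are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_AGE = 300  # seconds a nonce stays fresh (assumed value)


class NonceHelper:
    """Hypothetical helper: nonce = "<timestamp>:<HMAC-SHA256(key, timestamp)>"."""

    def __init__(self, private_key=None):
        # No key configured: random bits chosen at startup, lost on restart.
        self.key = private_key if private_key is not None else os.urandom(32)

    def _mac(self, timestamp):
        return hmac.new(self.key, timestamp.encode(), hashlib.sha256).hexdigest()

    def make_nonce(self, now=None):
        timestamp = str(int(time.time() if now is None else now))
        return timestamp + ":" + self._mac(timestamp)

    def check(self, nonce, now=None, unknown_is_stale=False):
        """Return 'ok', 'stale' (401 + new challenge) or 'failed' (403)."""
        now = time.time() if now is None else now
        timestamp, _, mac = nonce.partition(":")
        ours = (timestamp.isascii() and timestamp.isdigit() and
                hmac.compare_digest(mac.encode(), self._mac(timestamp).encode()))
        if not ours:
            # Not verifiable as our own: forged, or issued before a restart.
            return "stale" if unknown_is_stale else "failed"
        return "ok" if now - int(timestamp) <= MAX_AGE else "stale"


def restart_scenario(private_key, unknown_is_stale):
    """Issue a nonce, 'restart' the server, then check the old nonce."""
    before = NonceHelper(private_key)
    nonce = before.make_nonce(now=1000)
    after = NonceHelper(private_key)  # new process, same configuration
    return after.check(nonce, now=1010, unknown_is_stale=unknown_is_stale)


if __name__ == "__main__":
    print(restart_scenario(None, False))                     # failed -> 403
    print(restart_scenario(None, True))                      # stale  -> 401
    print(restart_scenario(b"yourServerPrivateKey", False))  # ok
```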