Re: [reSIProcate] Helper::advancedAuthenticateRequest() and old nonces
- From: "Alexander Altshuler" <alt@xxxxxxxxx>
- Date: Wed, 12 Mar 2008 18:28:13 +0300
Exactly - we may have infinity message flow:
(Request with bad credential) <-> (401 with challenge)
I don't see any use cases when 401 will help.
Even if you use pool of proxies - you may share one nonce helper key
among servers.
But if somebody provides credential for YOUR domain/ip and it does not
contain proper nonce - it should be rejected.
Regards
Alexander Altshuler
http://xeepe.com
-----Original Message-----
From: Byron Campen [mailto:bcampen@xxxxxxxxxxxx]
Sent: Wednesday, March 12, 2008 5:38 PM
To: Alexander Altshuler
Cc: 'resiprocate-devel'
Subject: Re: [reSIProcate] Helper::advancedAuthenticateRequest() and old
nonces
This is certainly useful. Do you have an opinion on the 403 vs.
401
issue though? It seems that sending a 403 buys us absolutely nothing,
and hurts interop besides. I see no reason to continue doing it. I
could maybe see sending a 403 if someone sends us credentials that
are malformed, on the assumption that the endpoint is broken and we
should just tell it to shut up. (This brings up the question of how
we deal with endpoints that don't know when to quit sending us bad
credentials.)