[reSIProcate] Helper::advancedAuthenticateRequest() and old nonces
Björn Andersson
bjorn.v.andersson at ericsson.com
Wed Mar 12 11:31:25 CDT 2008
We have had this issue after a server crash, and one of our lab
terminals, I don't remember which brand, tried periodically to re-register
with the credentials based on the stale nonce but was rejected every
time with 403 and never got registered again (until rebooted).
I think it is the correct behaviour to send a 401 with a fresh nonce if
the server isn't happy with the one in the request.
best regards
Björn Andersson
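The 401-with-fresh-nonce behaviour discussed in this thread, as an added Python example that is not reSIProcate's own code: a stateless HMAC nonce that every server sharing one key can verify, classified as current, stale, foreign or malformed, with the status-code policy (403 only for credentials that cannot be parsed) an assumption for illustration. The realm, key and nonce lifetime are constructed values.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

REALM = "example.com"      # assumed realm for the constructed challenges
NONCE_MAX_AGE = 300        # seconds a nonce stays usable (assumption)

def make_nonce(key: bytes, now: float) -> str:
    """Stateless nonce: issue time plus an HMAC over it, so any server that
    holds `key` (e.g. a pool of proxies) can verify it without shared state."""
    ts = str(int(now)).encode()
    mac = hmac.new(key, ts + b":" + REALM.encode(), hashlib.sha256).digest()[:16]
    return base64.b64encode(ts + b":" + mac).decode()

def classify_nonce(nonce: str, key: bytes, now: float) -> str:
    """Return 'ok', 'stale' (ours but expired), 'foreign' (well-formed but not
    signed with our key) or 'malformed' (cannot even be parsed)."""
    try:
        raw = base64.b64decode(nonce, validate=True)
        ts, mac = raw.split(b":", 1)     # timestamp never contains ':'
        issued = int(ts)
    except (ValueError, TypeError):
        return "malformed"
    expected = hmac.new(key, ts + b":" + REALM.encode(), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(mac, expected):
        return "foreign"
    if now - issued > NONCE_MAX_AGE:
        return "stale"
    return "ok"

def auth_response(nonce: str, key: bytes, now: float) -> Tuple[int, Optional[str]]:
    """Pick the status for a request carrying `nonce` (the digest itself is
    assumed to be checked separately). Hypothetical policy: 403 only when the
    credentials are unparseable; otherwise a fresh 401 so the endpoint can
    recover instead of retrying the dead nonce forever."""
    verdict = classify_nonce(nonce, key, now)
    if verdict == "ok":
        return 200, None
    if verdict == "malformed":
        return 403, None
    fresh = make_nonce(key, now)
    stale = "true" if verdict == "stale" else "false"   # RFC 2617 stale flag
    challenge = (f'Digest realm="{REALM}", qop="auth", algorithm=MD5, '
                 f'nonce="{fresh}", stale={stale}')
    return 401, challenge
```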
Alexander Altshuler wrote:
> Exactly - we may have infinity message flow:
> (Request with bad credential) <-> (401 with challenge)
>
> I don't see any use cases when 401 will help.
> Even if you use pool of proxies - you may share one nonce helper key
> among servers.
> But if somebody provides credential for YOUR domain/ip and it does not
> contain proper nonce - it should be rejected.
>
> Regards
> Alexander Altshuler
> http://xeepe.com
>
> -----Original Message-----
> From: Byron Campen [mailto:bcampen at estacado.net]
> Sent: Wednesday, March 12, 2008 5:38 PM
> To: Alexander Altshuler
> Cc: 'resiprocate-devel'
> Subject: Re: [reSIProcate] Helper::advancedAuthenticateRequest() and old
> nonces
>
> This is certainly useful. Do you have an opinion on the 403 vs.
> 401
> issue though? It seems that sending a 403 buys us absolutely nothing,
> and hurts interop besides. I see no reason to continue doing it. I
> could maybe see sending a 403 if someone sends us credentials that
> are malformed, on the assumption that the endpoint is broken and we
> should just tell it to shut up. (This brings up the question of how
> we deal with endpoints that don't know when to quit sending us bad
> credentials.)
>