<br><br><div class="gmail_quote">On Fri, Feb 10, 2012 at 12:50 PM, Phil Quesinberry <span dir="ltr"><<a href="mailto:philq@qsystemsengineering.com">philq@qsystemsengineering.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p dir="LTR"><span lang="en-us"><b><font face="Consolas">Ok, here's part of the sip trace as requested. I won't have time to sanitize the whole thing until later but in the meantime, here's an interesting excerpt that I wanted to make a few comments on:</font></b></span></p>
<p dir="LTR"><span lang="en-us"><b><font face="Consolas">First, notice the "Unauthorized" response to the first registration attempt but the next attempt is successful. This has actually been going on as long as I can remember with this particular provider.</font></b></span></p>
</div></blockquote><br></div>As far as the auth goes, I believe it is required to have the registrar send out the 401 first because it contains a nonce that assists in keeping the communication relatively secure. If I could send a single REG and magically authenticate, then that would make a SIP replay attack really easy. <br>
<br>If I understand all this correctly, the registrar sending a 401 "Unauthorized" does not mean, "Go away." Rather it means, "I'm not gonna let you in unless you give me the magic password. Here's a nonce to help you calculate the proper digest. I'm waiting for your next REGISTER message with the appropriate Authorization header."<br>
<br>I'll have to defer to those more experienced than I on the rest of the post.<br><br>-MC<br>
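The 401 challenge and second REGISTER that MC describes, as an added example that is not part of the original thread (the account, realm and URI are constructed): the RFC 3261 Digest computation for qop=auth, plus a toy registrar that issues a fresh nonce in each 401 and honours it once, which is what makes a captured Authorization header useless for replay.

```python
import hashlib
import hmac
import secrets

def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()  # RFC 3261 Digest uses MD5

def digest_response(user, realm, password, method, uri, nonce, cnonce, nc="00000001", qop="auth"):
    """Digest 'response' for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class Registrar:
    """Toy registrar: every 401 carries a fresh nonce, and each nonce is honoured once."""
    def __init__(self, realm, users):
        self.realm, self.users = realm, users
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return {"realm": self.realm, "nonce": nonce, "qop": "auth"}

    def register(self, auth):
        """auth is the parsed Authorization header (None on the first attempt); returns a SIP status."""
        if auth is None or auth["nonce"] not in self.outstanding:
            return 401  # no credentials, unknown nonce, or a replayed (already used) nonce
        self.outstanding.discard(auth["nonce"])  # single use: replaying this header fails above
        if auth["username"] not in self.users:
            return 403
        expected = digest_response(auth["username"], self.realm, self.users[auth["username"]],
                                   "REGISTER", auth["uri"], auth["nonce"], auth["cnonce"], auth["nc"], auth["qop"])
        return 200 if hmac.compare_digest(expected, auth["response"]) else 403

def authorize(user, password, uri, chal):
    """Client side: answer a 401 challenge with the Authorization fields for a REGISTER."""
    cnonce = secrets.token_hex(8)
    resp = digest_response(user, chal["realm"], password, "REGISTER", uri, chal["nonce"], cnonce, qop=chal["qop"])
    return {"username": user, "uri": uri, "nonce": chal["nonce"], "cnonce": cnonce,
            "nc": "00000001", "qop": chal["qop"], "response": resp}

def simulate():
    """REGISTER without credentials -> 401, with a correct digest -> 200, same header replayed -> 401."""
    reg = Registrar("sip.example.invalid", {"1001": "constructed-secret"})  # constructed account
    first = reg.register(None)
    chal = reg.challenge()  # in real SIP this nonce rides in the 401's WWW-Authenticate header
    auth = authorize("1001", "constructed-secret", "sip:sip.example.invalid", chal)
    return [first, reg.register(auth), reg.register(auth)]
```

The third status in `simulate()` is the point of the thread: the same Authorization header that just succeeded is rejected once its nonce has been consumed.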