[Asterisk-Dev] Why Proxy-Authenticate instead of WWW-Authenticate
Olle E. Johansson
oej at edvina.net
Thu Jun 9 00:37:45 MST 2005
> On Thu, 2005-06-09 at 07:37 +0200, Olle E. Johansson wrote:
>>Mikael Magnusson wrote:
>>>It's often mentioned on the list that Asterisk is an user SIP agent and not a
>>>proxy. But why is then Proxy-Authenticate (and 407 Proxy
>>>Authentication Required) used instead of WWW-Authenticate
>>>(and 401 Unauthorized) in chan_sip. According to section 22.1 Framework
>>>in RFC 3261:
>>> In SIP, a UAS uses the 401 (Unauthorized) response to challenge the
>>> identity of a UAC.
>>I fully agree, but all patches to fix this has been refused because of
>>fear we might break something. This makes it hard to use Asterisk
>>together with an outbound proxy that authenticates.
> Has it been tried with a config option to turn it on or off?
Well, no one has proved any problems with fixing it according to
standard. I don't like having default behaviour being non-standard.
(And yes, I don't like the "pedantic" option.. Default behaviour being
We could have an option for backwards compatibility, yes, to turn on if
people really need to break the RFCs.
More information about the asterisk-dev