[asterisk-dev] [Fwd: Re: [svn-commits] kpfleming: branch 1.4 r81442 - /branches/1.4/channels/chan_sip.c]

John Todd jtodd at loligo.com
Thu Sep 6 20:07:16 CDT 2007


Maybe:

badauthrejectmode=[403,401]

or

badauthresponse=[403,401]


I'm uncertain if either response method will make any difference to 
anything but the most rigorous implementations of the RFC.  Badly 
coded versions will just keep hammering away regardless of what reply 
they get.  This doesn't mean the methods should be selectable.  I 
would suggest that "403" be the standard reply.  I think the 
implication is "for this particular transaction, NEVER try again" but 
it is not anything more than that.  A 403 is not, for instance, 
saying "for ALL transactions, NEVER try again" which would mean that 
pressing the red button on your cell phone would not add your 
ex-girlfriend to a blacklist.

JT


At 4:50 PM -0500 2007/9/6, Kevin P. Fleming wrote:
>
>Olle and I have been having a conversation regarding this commit, and
>I'd like to solicit comments from the community on whether they feel we
>should add back in the 'send 401 forever and ever and ever' behavior
>with a configuration option (defaulting to off), and if so, what should
>the name of that option be?
>
>>  Olle E Johansson wrote:
>
>The RFC says
>
>"21.4.4 403 Forbidden
>The server understood the request, but is refusing to fulfill it.
>Authorization will not help, and the request SHOULD NOT be repeated."
>
>In this case, proper authorization will help. If we send 403, we're
>telling the phone to stop trying to send INVITE to us regardless of
>authorization, time of day, phase of the moon and amount of YouTube
>traffic in your network. That's not really what you want.
>
>In another part of the RFC, it actually states another use for an
>INVITE scenario. If the callee refuses to answer, like pressing the red
>button on your cell phone, the RFC recommends sending 403. I believe
>that's a bit contradictory, but - hey - we're talking about the SIP RFC
>:-) (or they might hint that this is a good way of adding a caller,
>ex-girlfriend, to a blacklist)...
>
>But I agree, with a configuration option, we can send 403 to stop
>unneeded traffic. The phone needs a reconfiguration, so we might as well
>tell it to go away until it has sorted out its life and approach us
>with a new, probably rebooted, attitude.
>
>Cheers,
>/O
>
>--
>Kevin P. Fleming
>Director of Software Technologies
>Digium, Inc. - "The Genuine Asterisk Experience" (TM)
>
