[asterisk-dev] Improper (?) use of SIP 403 to reject REGISTER for bad auth

Nathan Anderson nathana at fsr.com
Mon Apr 8 03:33:24 CDT 2013


Hey Olle,

On Sunday, April 07, 2013 11:15 PM, Olle E. Johansson wrote:

> I think this is a very old bug that I implemented. The 403 should be
> removed.

Thanks for the reply.  If not with a 403 (which I agree with you on), how should Asterisk respond to a REGISTER attempt with invalid credentials?  Should it repeat the 401 status code?  Although I have found people condemning the use of a 403 response in such a scenario, I haven't found a description of recommended "best industry practice" either.

Also, does a JIRA already exist for this, or should I open a new one?

Thanks,

-- 
Nathan Anderson
First Step Internet, LLC
nathana at fsr.com


