[Kamailio-Users] nonce_reuse protection issues
Iñaki Baz Castillo
ibc at aliax.net
Thu Jul 16 18:11:13 CEST 2009
2009/7/16 Klaus Darilion <klaus.mailinglists at pernau.at>:
> Iñaki Baz Castillo schrieb:
>> However, to anounce "stale=true" in 401/407 response the
>> credentials must be verified.
>
> It would be sufficient to check if the nonce is reused, response calculation
> could be done afterwards
What I mean is that, response calculation should be done even if nonce
is reused. If not, there is no way to send "stolen=true" in 401/407.
--
Iñaki Baz Castillo
<ibc at aliax.net>
More information about the Users
mailing list