Multiple Proxy-Authenticate challenges?

Is there a good reason why WWW-Authenticate can have multiple
challenges while Proxy-Authenticate can't?

draft-ietf-http-v11-spec-rev-03:

>         Proxy-Authenticate  = "Proxy-Authenticate" ":" challenge
>         WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge

I also think that the following sentence from the description of
WWW-Authenticate fits better if moved to the draft-ietf-http-authentication
document as it is the one that define "challenge".

>                                                          User agents
>  MUST take special care in parsing the WWW-Authenticate field value if it
>  contains more than one challenge, or if more than one WWW-Authenticate
>  header field is provided, since the contents of a challenge may itself
>  contain a comma-separated list of authentication parameters.


Regards,
Gisle

Received on Friday, 3 April 1998 02:04:33 UTC