Hi: I would like to get feedback about some discussion that popped up recently in the IETF AAA WG mailing list. It is related to RFC 2617 and the interpretation of nextnonce in the Authentication-Info header. Section 3.2.3 of RFC 2617 provides the following ABNF for the Authentication-Info header: AuthenticationInfo = "Authentication-Info" ":" auth-info auth-info = 1#(nextnonce | [ message-qop ] | [ response-auth ] | [ cnonce ] | [nonce-count] ) This ABNF suggests that the nextnonce is mandatory and the other directives are optional. However, the following paragraph contains a sentence that suggests that the nextnonce might be optional: "If the nextnonce field is present the client SHOULD use it when constructing the Authorization header for its next request." So... there seems to be a contradiction between the ABNF and the text "if the nextnonce field is present...". Can I get an opinion of what is the common understanding about the nextnonce in Authentication-Info? Regards, Miguel Garcia -- Miguel A. Garcia tel:+358-50-4804586 sip:miguel.an.garcia@openlaboratory.net Nokia Research Center Helsinki, FinlandReceived on Thursday, 8 June 2006 11:26:24 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:24 GMT