W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2007

RFC 2617 Authentication-Info BNF

From: Tim Olsen <tim@brooklynpenguin.com>
Date: Mon, 1 Oct 2007 15:47:02 -0400
To: ietf-http-wg@w3.org
Message-ID: <20071001154702.7e0ceb8a@neurofunk.limewire.com>


Hello,

I am a little confused about the augmented BNF for Authentication-Info
in RFC 2617 3.2.3.

The part of the ABNF I am confused about is:

        AuthenticationInfo = "Authentication-Info" ":" auth-info
        auth-info          = 1#(nextnonce | [ message-qop ]
                               | [ response-auth ] | [ cnonce ]
                               | [nonce-count] )

Does this ABNF mean that nextnonce is required in auth-info?  If so, why
is there the sentence, "If the nextnonce field is present the client
SHOULD use it when constructing the Authorization header for its next
request." ? That would seem to imply that nextnonce is optional.  Later
on, the RFC also states "pipelined requests will not be possible if
every response includes a nextnonce directive that must be used on the
next request received by the server."

Searching the archives show that this issue was brought up over a year
ago, but there was no response
(http://lists.w3.org/Archives/Public/ietf-http-wg/2006AprJun/0031.html).
Any feedback would be appreciated.

Thanks!

-Tim
Received on Monday, 1 October 2007 19:47:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:22 GMT