W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2007

RFC 2617 Authentication-Info BNF

From: Tim Olsen <tim@brooklynpenguin.com>
Date: Mon, 1 Oct 2007 15:47:02 -0400
To: ietf-http-wg@w3.org
Message-ID: <20071001154702.7e0ceb8a@neurofunk.limewire.com>


I am a little confused about the augmented BNF for Authentication-Info
in RFC 2617 3.2.3.

The part of the ABNF I am confused about is:

        AuthenticationInfo = "Authentication-Info" ":" auth-info
        auth-info          = 1#(nextnonce | [ message-qop ]
                               | [ response-auth ] | [ cnonce ]
                               | [nonce-count] )

Does this ABNF mean that nextnonce is required in auth-info?  If so, why
is there the sentence, "If the nextnonce field is present the client
SHOULD use it when constructing the Authorization header for its next
request." ? That would seem to imply that nextnonce is optional.  Later
on, the RFC also states "pipelined requests will not be possible if
every response includes a nextnonce directive that must be used on the
next request received by the server."

Searching the archives show that this issue was brought up over a year
ago, but there was no response
Any feedback would be appreciated.


Received on Monday, 1 October 2007 19:47:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:43 UTC