
Issue 195, was: Proposed RFC 2617 erratum, Re: Backwards definition of authentication header

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 13 Sep 2010 18:03:02 +0200
Message-ID: <4C8E4B36.7080207@gmx.de>
To: Alexey Melnikov <alexey.melnikov@isode.com>
CC: Paul Leach <paulle@microsoft.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>

On 21.12.2009 23:36, Alexey Melnikov wrote:
> Paul Leach wrote:
>
>> I do not understand the proposed erratum (eid=1959). Can someone
>> please explain what the issue is?
>> Prima-facie, the proposed fix looks wrong: how can the definition of
>> "challenge" be replaced by one for "credentials"?
>>
>>
> You are right, it should be something like this instead:
>
> OLD:
> credentials = auth-scheme #auth-param
>
> NEW:
> credentials = "Basic" basic-credentials | auth-scheme #auth-param
>
> Note: for historic reasons, the "Basic" authentication scheme (see
> Section 2) uses a different format, thus the special case in the
> ABNF.
>
>
> The issue with the original ABNF is that Basic wouldn't conform to the
> specified BNF, as auth-param is defined:
>
> auth-param = token "=" ( token | quoted-string )
>
> And Basic is defined:
>
> credentials = "Basic" basic-credentials
> basic-credentials = base64-user-pass
> base64-user-pass = <base64 [4] encoding of user-pass,
> except not limited to 76 char/line>
>
> So basic-credentials doesn't match auth-param.

Hi,

this erratum was verified later on, see 
<http://www.rfc-editor.org/errata_search.php?eid=1959>, and is also 
tracked with <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/195>.

As part of change 
<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/998>, Part 7 now 
contains the definition of auth-param, therefore I applied the erratum 
while including the auth framework bits.

Best regards, Julian
Received on Monday, 13 September 2010 16:03:38 GMT
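
Added example, not part of the original message or of the httpbis drafts: a strict parser for the corrected `credentials` rule from the thread, showing that a Basic base64 blob does not match `auth-param` and so needs the special case. The function names `parse_auth_params` and `parse_credentials` are hypothetical, the sample header values are constructed, and decoding user-pass as ISO-8859-1 is an assumption.

```python
import base64
import binascii
import re

# token per RFC 2616: one or more CHARs that are not CTLs or separators
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# auth-param = token "=" ( token | quoted-string )
AUTH_PARAM = re.compile(rf"({TOKEN})\s*=\s*({TOKEN}|{QUOTED})")
LIST_SEP = re.compile(r"\s*,\s*")

def parse_auth_params(text):
    """Parse #auth-param; return a dict, or None if the text does not conform."""
    params, pos, text = {}, 0, text.strip()
    while pos < len(text):
        m = AUTH_PARAM.match(text, pos)
        if not m:
            return None
        name, value = m.group(1), m.group(2)
        if value.startswith('"'):  # strip quotes, undo quoted-pair escapes
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        params[name.lower()] = value
        pos = m.end()
        sep = LIST_SEP.match(text, pos)
        if sep:
            pos = sep.end()
        elif pos < len(text):
            return None  # trailing data that is not a list separator
    return params

def parse_credentials(value):
    """credentials = "Basic" basic-credentials | auth-scheme #auth-param"""
    scheme, _, rest = value.strip().partition(" ")
    if not re.fullmatch(TOKEN, scheme):
        raise ValueError("auth-scheme is not a token")
    if scheme.lower() == "basic":  # special case: a bare base64 blob
        try:
            raw = base64.b64decode(rest.strip(), validate=True)
        except binascii.Error as exc:
            raise ValueError("malformed basic-credentials") from exc
        userid, colon, password = raw.decode("latin-1").partition(":")  # assumed charset
        if not colon:
            raise ValueError("user-pass has no ':' separator")
        return "Basic", {"userid": userid, "password": password}
    params = parse_auth_params(rest)
    if params is None:
        raise ValueError("auth-params do not conform to the ABNF")
    return scheme, params
```

Rejecting input that matches neither branch, rather than guessing, keeps a server from treating a malformed Authorization header as some other scheme's parameters.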
