On 21.12.2009 23:36, Alexey Melnikov wrote: > Paul Leach wrote: > >> I do not understand the proposed erratum (eid=1959). Can someone >> please explain what the issue is? >> Prima-facie, the proposed fix looks wrong: how can the definition of >> "challenge" be replaced by one for "credentials"? >> >> > You are right, it should be something like this instead: > > OLD: > credentials = auth-scheme #auth-param > > NEW: > credentials = "Basic" basic-credentials | auth-scheme #auth-param > > Note: for historic reasons, the "Basic" authentication scheme (see > Section 2) uses a different format, thus the special case in the > ABNF. > > > The issue with the original ABNF is that Basic wouldn't conform to the > specified BNF, as auth-param is defined: > > auth-param = token "=" ( token | quoted-string ) > > And Basic is defined: > > credentials = "Basic" basic-credentials > basic-credentials = base64-user-pass > base64-user-pass = <base64 [4] encoding of user-pass, > except not limited to 76 char/line> > > So basic-credentials doesn't match auth-param. Hi, this erratum was verified later on, see <http://www.rfc-editor.org/errata_search.php?eid=1959>, and is also tracked with <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/195>. As part of change <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/998>, Part 7 now contains the definition of auth-param, therefore I applied the erratum while including the auth framework bits. Best regards, JulianReceived on Monday, 13 September 2010 16:03:38 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT