RFC 2617 Authentication-Info BNF


I am a little confused about the augmented BNF for Authentication-Info
in RFC 2617 3.2.3.

The part of the ABNF I am confused about is:

        AuthenticationInfo = "Authentication-Info" ":" auth-info
        auth-info          = 1#(nextnonce | [ message-qop ]
                               | [ response-auth ] | [ cnonce ]
                               | [nonce-count] )

Does this ABNF mean that nextnonce is required in auth-info?  If so, why
is there the sentence, "If the nextnonce field is present the client
SHOULD use it when constructing the Authorization header for its next
request." ? That would seem to imply that nextnonce is optional.  Later
on, the RFC also states "pipelined requests will not be possible if
every response includes a nextnonce directive that must be used on the
next request received by the server."

Searching the archives show that this issue was brought up over a year
ago, but there was no response
Any feedback would be appreciated.



Received on Monday, 1 October 2007 19:47:14 UTC