- From: Tim Olsen <tim@brooklynpenguin.com>
- Date: Mon, 1 Oct 2007 15:47:02 -0400
- To: ietf-http-wg@w3.org
Hello,
I am a little confused about the augmented BNF for Authentication-Info
in RFC 2617 3.2.3.
The part of the ABNF I am confused about is:
AuthenticationInfo = "Authentication-Info" ":" auth-info
auth-info = 1#(nextnonce | [ message-qop ]
| [ response-auth ] | [ cnonce ]
| [nonce-count] )
Does this ABNF mean that nextnonce is required in auth-info? If so, why
is there the sentence, "If the nextnonce field is present the client
SHOULD use it when constructing the Authorization header for its next
request." ? That would seem to imply that nextnonce is optional. Later
on, the RFC also states "pipelined requests will not be possible if
every response includes a nextnonce directive that must be used on the
next request received by the server."
Searching the archives show that this issue was brought up over a year
ago, but there was no response
(http://lists.w3.org/Archives/Public/ietf-http-wg/2006AprJun/0031.html).
Any feedback would be appreciated.
Thanks!
-Tim
Received on Monday, 1 October 2007 19:47:14 UTC