- From: Alexey Melnikov <alexey.melnikov@isode.com>
- Date: Mon, 21 Dec 2009 22:36:13 +0000
- To: Paul Leach <paulle@microsoft.com>
- CC: Julian Reschke <julian.reschke@gmx.de>, Eran Hammer-Lahav <eran@hueniverse.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Paul Leach wrote:
>I do not understand the proposed erratum (eid=1959). Can someone please explain what the issue is?
>
>Prima-facie, the proposed fix looks wrong: how can the definition of "challenge" be replaced by one for "credentials"?
>
>
You are right, it should be something like this instead:

OLD:

   credentials = auth-scheme #auth-param

NEW:

   credentials = "Basic" basic-credentials | auth-scheme #auth-param

   Note: for historic reasons, the "Basic" authentication scheme (see
   Section 2) uses a different format, thus the special case in the
   ABNF.

The issue with the original ABNF is that Basic wouldn't conform to the
specified BNF, as auth-param is defined:

   auth-param = token "=" ( token | quoted-string )

And Basic is defined:

   credentials = "Basic" basic-credentials
   basic-credentials = base64-user-pass
   base64-user-pass = <base64 [4] encoding of user-pass,
                       except not limited to 76 char/line>

So basic-credentials doesn't match auth-param.
Received on Monday, 21 December 2009 22:36:58 UTC
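
The mismatch described in the message above can be checked mechanically. The following is an added example, not part of the original message or of any RFC text: it encodes the OLD and NEW `credentials` productions as regular expressions and tests header values against both. The function names, the simplified whitespace handling and the sample credentials are assumptions made for the illustration.

```python
import base64
import re

# token (RFC 2616): any CHAR except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# auth-param = token "=" ( token | quoted-string )
AUTH_PARAM = rf"{TOKEN}=(?:{TOKEN}|{QUOTED})"
# #auth-param: comma-separated list, possibly empty (whitespace simplified).
PARAM_LIST = rf"(?:{AUTH_PARAM}(?:[ \t]*,[ \t]*{AUTH_PARAM})*)?"
# OLD: credentials = auth-scheme #auth-param
OLD_RULE = rf"{TOKEN}(?:[ \t]+{PARAM_LIST})?"
# base64-user-pass: base64 alphabet plus up to two "=" padding characters.
BASE64 = r"[A-Za-z0-9+/]+={0,2}"
# NEW: credentials = "Basic" basic-credentials | auth-scheme #auth-param
NEW_RULE = rf"(?:(?i:Basic)[ \t]+{BASE64})|(?:{OLD_RULE})"

OLD_RE = re.compile(OLD_RULE)
NEW_RE = re.compile(NEW_RULE)


def matches_old(credentials: str) -> bool:
    """True if the value fits the original production."""
    return OLD_RE.fullmatch(credentials) is not None


def matches_new(credentials: str) -> bool:
    """True if the value fits the production with the Basic special case."""
    return NEW_RE.fullmatch(credentials) is not None


def basic_header(user_pass: bytes) -> str:
    """Build a Basic credentials value from a constructed user-pass."""
    return "Basic " + base64.b64encode(user_pass).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    samples = [
        basic_header(b"user:pass"),      # no padding
        basic_header(b"user:passwd"),    # one "=" of padding
        basic_header(b"user:passw"),     # two "=" of padding
        'Digest username="alice", realm="example", nc=00000001',
    ]
    for s in samples:
        print(f"old={matches_old(s)!s:5} new={matches_new(s)!s:5} {s}")
```

The padded forms fail the OLD rule because a trailing "=" leaves no token or quoted-string after it, and the unpadded form fails because it contains no "=" at all.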