- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 13 Sep 2010 18:03:02 +0200
- To: Alexey Melnikov <alexey.melnikov@isode.com>
- CC: Paul Leach <paulle@microsoft.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>

On 21.12.2009 23:36, Alexey Melnikov wrote:
> Paul Leach wrote:
>
>> I do not understand the proposed erratum (eid=1959). Can someone
>> please explain what the issue is?
>> Prima-facie, the proposed fix looks wrong: how can the definition of
>> "challenge" be replaced by one for "credentials"?
>>
>
> You are right, it should be something like this instead:
>
> OLD:
> credentials = auth-scheme #auth-param
>
> NEW:
> credentials = "Basic" basic-credentials | auth-scheme #auth-param
>
> Note: for historic reasons, the "Basic" authentication scheme (see
> Section 2) uses a different format, thus the special case in the
> ABNF.
>
>
> The issue with the original ABNF is that Basic wouldn't conform to the
> specified BNF, as auth-param is defined:
>
> auth-param = token "=" ( token | quoted-string )
>
> And Basic is defined:
>
> credentials = "Basic" basic-credentials
> basic-credentials = base64-user-pass
> base64-user-pass = <base64 [4] encoding of user-pass,
> except not limited to 76 char/line>
>
> So basic-credentials doesn't match auth-param.

Hi,

this erratum was verified later on, see <http://www.rfc-editor.org/errata_search.php?eid=1959>, and is also tracked with <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/195>.

As part of change <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/998>, Part 7 now contains the definition of auth-param, therefore I applied the erratum while including the auth framework bits.

Best regards, Julian

Received on Monday, 13 September 2010 16:03:38 UTC
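
The grammar mismatch discussed in this thread, as an added example that is not part of the original message or of the RFC text: a Python check of `Authorization` header values against the OLD and NEW `credentials` rules. The regular expressions approximate RFC 2616's `token` and `quoted-string`; the function names and sample values are constructed for illustration.

```python
import base64
import binascii
import re

# Approximations of RFC 2616 token / quoted-string (assumption: ASCII input).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = rf"{TOKEN}[ \t]*=[ \t]*(?:{TOKEN}|{QUOTED})"
# OLD: credentials = auth-scheme #auth-param
OLD_RE = re.compile(
    rf"^{TOKEN}(?:[ \t]+{AUTH_PARAM}(?:[ \t]*,[ \t]*{AUTH_PARAM})*)?[ \t]*$"
)

def matches_old(value: str) -> bool:
    """True if value fits the original rule (scheme + auth-param list)."""
    return OLD_RE.match(value) is not None

def is_basic_credentials(blob: str) -> bool:
    """basic-credentials: base64 of user-pass, i.e. userid ":" password."""
    try:
        decoded = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return False
    return b":" in decoded

def matches_new(value: str) -> bool:
    """NEW: credentials = "Basic" basic-credentials | auth-scheme #auth-param"""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() == "basic" and is_basic_credentials(rest.strip()):
        return True
    return matches_old(value)

# Constructed sample header values (not taken from the thread).
BASIC_PADDED = "Basic " + base64.b64encode(b"alice:pw").decode()
BASIC_UNPADDED = "Basic " + base64.b64encode(b"user:pass").decode()
DIGEST = 'Digest username="alice", realm="example", nonce="abc123"'
MALFORMED = "Basic not-base64!"

if __name__ == "__main__":
    for v in (BASIC_PADDED, BASIC_UNPADDED, DIGEST, MALFORMED):
        print(f"old={matches_old(v)!s:5} new={matches_new(v)!s:5} {v}")
```

A parser generated strictly from the OLD rule rejects every well-formed Basic header, with or without `=` padding, because the base64 blob never has the `token "=" value` shape.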