#516 note about WWW-A parsing potentially misleading

Hi there,

<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html#rfc.section.4.4>:

"User agents are advised to take special care in parsing the 
WWW-Authenticate field value as it might contain more than one 
challenge, or if more than one WWW-Authenticate header field is 
provided, the contents of a challenge itself can contain a 
comma-separated list of authentication parameters."

This is text that we copied from RFC 2616 
(<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.47>). 
However, isn't the

"...if more than one WWW-Authenticate header field is provided..."

incorrect?

What's contained in a challenge does not depend on the number of header 
field instances, after all.

Best regards, Julian

Received on Wednesday, 30 October 2013 14:10:55 UTC