- From: Christer Holmberg <christer.holmberg@ericsson.com>
- Date: Wed, 30 Jun 2021 12:52:50 +0000
- To: Julian Reschke <julian.reschke@gmx.de>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Hi,

...

>> So, what are the case-sensitivity rules for 'userhash', 'domain', 'nonce', 'opaque' and 'algorithm' auth parameters?
>>
>> Section 2.1 of RFC 7235 *DOES* say:
>>
>> "Authentication parameters are name=value pairs, where the name token
>> is matched case-insensitively, and each parameter name MUST only
>> occur once per challenge."
>>
>> So, based on that one could assume that case-insensitive is the default, unless otherwise explicitly specified. So far so good.
>
> No, that's not what it says. That statement is about the parameter *name*.

Doh! True. Sorry.

...

> Unless stated, things are case-sensitive, so I really don't see an issue here yet.

Is that defined for HTTP somewhere, or is it a generic ABNF rule?

The reason I ask is because for SIP the default for parameter values is case-insensitive, unless otherwise specified, and tokens are always case-insensitive.

Also, is there a reason for e.g., 'userhash' to be case-sensitive, while 'stale' is case-insensitive? For both parameters the only allowed values are "true" and "false".

Regards,

Christer
Received on Wednesday, 30 June 2021 12:53:06 UTC
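
The rule quoted above from Section 2.1 of RFC 7235, as an added example that is not part of the original message: parameter names are matched case-insensitively and may occur only once per challenge, while values are returned exactly as received so that any value comparison is an explicit decision by the caller. The function name `parse_auth_params`, the simplified grammar (one challenge's parameter list, no scheme name, no token68) and the sample strings are assumptions made for the example.

```python
import re

# One auth-param: token "=" ( token / quoted-string ), then "," or end of input.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = re.compile(
    r'\s*(' + _TOKEN + r')\s*=\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|(' + _TOKEN + r'))\s*(?:,|$)'
)


def parse_auth_params(params: str) -> dict:
    """Parse 'name=value, name="value"' into {lowercased name: raw value}.

    Names are folded to lower case before the duplicate check, so
    'nonce' and 'Nonce' count as the same parameter and are rejected.
    Values keep their original case.
    """
    params = params.strip()
    out = {}
    pos = 0
    while pos < len(params):
        m = _PARAM.match(params, pos)
        if m is None:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name = m.group(1).lower()
        if name in out:
            raise ValueError(f"duplicate auth-param: {name}")
        quoted, token = m.group(2), m.group(3)
        if quoted is not None:
            # Undo quoted-pair escaping (\" and \\) inside a quoted-string.
            out[name] = re.sub(r'\\(.)', r'\1', quoted)
        else:
            out[name] = token
        pos = m.end()
    return out


# Constructed sample parameter list (not taken from the thread).
SAMPLE = 'Realm="api@example.org", NONCE="AbC123", userhash=TRUE, stale=false'
```

Rejecting a name that differs only in case closes the gap where two components of a deployment each pick a different copy of the same parameter.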