W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2021

[Editorial Errata Reported] RFC7616 (6704)

From: RFC Errata System <rfc-editor@rfc-editor.org>
Date: Tue, 5 Oct 2021 12:45:43 -0700 (PDT)
To: rfc-editor@rfc-editor.org
Cc: Bruce.Florman@genesys.com, rifaat.ietf@gmail.com, ahrensdc@gmail.com, sophie.bremer@netzkonform.de, ietf-http-wg@w3.org
Message-Id: <20211005194543.8CD66D80D9@rfc-editor.org>
The following errata report has been submitted for RFC7616,
"HTTP Digest Access Authentication".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6704

--------------------------------------
Type: Editorial
Reported by: Bruce Florman <Bruce.Florman@genesys.com>

Section: 3.4.1

Original Text
-------------
3.4.1.  Response

   If the qop value is "auth" or "auth-int":

         response = <"> < KD ( H(A1), unq(nonce)
                                      ":" nc
                                      ":" unq(cnonce)
                                      ":" unq(qop)
                                      ":" H(A2)
                             ) <">

   See below for the definitions for A1 and A2.

Corrected Text
--------------
3.4.1.  Response

   If the qop value is "auth" or "auth-int":

         response = <"> < KD ( H(A1), unq(nonce)
                                      ":" nc
                                      ":" unq(cnonce)
                                      ":" unq(qop)
                                      ":" H(A2)
                             ) > <">

   See below for the definitions for A1 and A2.

Notes
-----
The open angle bracket following the initial double quote, probably needs a matching close angle bracket before the final double quote. This typographical error appears to have been copied from section 3.2.2.1 of RFC 2617, but the close angle bracket does appear in the corresponding single line of text in section 2.1.2 of RFC 2069 that defines the response-digest production there. However, it's not clear to me that the angle brackets contribute to the clarity of the response production here, so simply removing the unmatched open might be a better solution.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC7616 (draft-ietf-httpauth-digest-19)
--------------------------------------
Title               : HTTP Digest Access Authentication
Publication Date    : September 2015
Author(s)           : R. Shekh-Yusef, Ed., D. Ahrens, S. Bremer
Category            : PROPOSED STANDARD
Source              : Hypertext Transfer Protocol Authentication
Area                : Security
Stream              : IETF
Verifying Party     : IESG
Received on Wednesday, 6 October 2021 03:26:23 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 6 October 2021 03:26:29 UTC