[Technical Errata Reported] RFC7616 (7936)

The following errata report has been submitted for RFC7616,
"HTTP Digest Access Authentication".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7936

--------------------------------------
Type: Technical
Reported by: Joe Orton <jorton@apache.org>

Section: 3.3

Original Text
-------------
   domain

      A quoted, space-separated list of URIs, as specified in [RFC3986],
      that define the protection space.  If a URI is a path-absolute, it
      is relative to the canonical root URL.  (See Section 2.2 of


Corrected Text
--------------
   domain

      A quoted, space-separated list of URI-reference strings, as specified in [RFC3986],
      that define the protection space.  If a URI-reference is in a relative form, it
      is relative to the canonical root URL.  (See Section 2.2 of


Notes
-----
The definition of the "domain" parameter is inconsistent/contradictory - a list of space-separated URIs cannot include a path-absolute, since path-absolute is not a URI - though it is a URI-reference. If the intent was that "a space-separated list of URI-reference strings" is allowed, that could be used instead, per my suggested corrected text. 

It is likely both that the intent was not to allow any URI-reference here, and that current client implementations accept only absolute-URI or path-absolute. So it could instead be clarified as follows:

    A quoted, space-separated list of either absolute-URI or path-absolute, as specified in [RFC3986], that define the protection space.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7616 (draft-ietf-httpauth-digest-19)
--------------------------------------
Title               : HTTP Digest Access Authentication
Publication Date    : September 2015
Author(s)           : R. Shekh-Yusef, Ed., D. Ahrens, S. Bremer
Category            : PROPOSED STANDARD
Source              : Hypertext Transfer Protocol Authentication
Stream              : IETF
Verifying Party     : IESG

Received on Monday, 13 May 2024 19:46:44 UTC