errata logo graphic

Found 2 records.

Status: Verified (2)

RFC4559, "SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows", June 2006

Source of RFC: INDEPENDENT

Errata ID: 2912

Status: Verified
Type: Technical

Reported By: Julian Reschke
Date Reported: 2011-08-03
Verifier Name: Nevil Brownlee
Date Verified: 2013-03-20

Section 4 says:


Notes:

The "Negotiate" authentication scheme violates basic HTTP principles, in that it attaches information to the connection on which the handshake happened, and furthermore uses syntax in the WWW-Authenticate and Authorization header fields that is in violation of the base ABNF definitions.


Errata ID: 2913

Status: Verified
Type: Editorial

Reported By: Julian Reschke
Date Reported: 2011-08-03
Verifier Name: Nevil Brownlee
Date Verified: 2013-03-20

Section 6 says:


Notes:

The Security Considerations require the use of the HTTP header field "Proxy-Support", which is not defined in this document nor registered with IANA.


Report New Errata