RFC 4976, "Relay Extensions for the Message Sessions Relay Protocol (MSRP)", September 2007Source of RFC: simple (rai)
Errata ID: 1277
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-01-14
Held for Document Update by: Robert Sparks
Section 7, page 23 says:
WWW-Authenticate = "WWW-Authenticate:" SP "Digest" SP digest-param *("," SP digest-param) digest-param = ( realm / nonce / [ opaque ] / [ stale ] / [ algorithm ] / qop-options / [auth-param] )
It should say:
WWW-Authenticate = "WWW-Authenticate:" SP "Digest" SP digest-param *("," SP digest-param) | ; realm, nonce, and qop digest-params are required | digest-param = ( realm / nonce / opaque / stale / algorithm | / qop-options / auth-param )
a) The prose of the RFC indicates that the restriction stated in the
added ABNF comment indeed should hold. See also note below.
b) The <digest-param> syntax as stated in the RFC makes no sense;
allowing optional productions in the ABNF alternative would allow
empty <digest-param>s , i.e. immediately adjacent commas in the
WWW-Authenticate header field value; I suspect that the square
brackets might have been intended to indicate what I suggest to
express in the ABNF comment a).
To express the full set of requirements for WWW-Authenticate in pure,
formal ABNF would perhaps make it much less readable.
These issues are replicated for <credentials> and <digest-response>
-- this is addressed in a separate report.