RFC 4976, "Relay Extensions for the Message Sessions Relay Protocol (MSRP)", September 2007

Errata ID: 1277
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-01-14
Held for Document Update by: Robert Sparks

Section 7, page 23 says:

   WWW-Authenticate    = "WWW-Authenticate:" SP "Digest" SP digest-param
                         *("," SP digest-param)

   digest-param        = ( realm / nonce / [ opaque ] / [ stale ] / [
                         algorithm ] / qop-options  / [auth-param] )

It should say:

  WWW-Authenticate    = "WWW-Authenticate:" SP "Digest" SP digest-param
                         *("," SP digest-param)
|                       ; realm, nonce, and qop digest-params are required

| digest-param        = ( realm / nonce / opaque / stale / algorithm
|                         / qop-options  / auth-param )

Notes:

a) The prose of the RFC indicates that the restriction stated in the
added ABNF comment indeed should hold. See also note below.

b) The <digest-param> syntax as stated in the RFC makes no sense;
allowing optional productions in the ABNF alternative would allow
empty <digest-param>s , i.e. immediately adjacent commas in the
WWW-Authenticate header field value; I suspect that the square
brackets might have been intended to indicate what I suggest to
express in the ABNF comment a).

To express the full set of requirements for WWW-Authenticate in pure,
formal ABNF would perhaps make it much less readable.

These issues are replicated for <credentials> and <digest-response>
-- this is addressed in a separate report.

Report New Errata