RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 2617, "HTTP Authentication: Basic and Digest Access Authentication", June 1999

Note: This RFC has been obsoleted by RFC 7235, RFC 7615, RFC 7616, RFC 7617

Source of RFC: http (app)
See Also: RFC 2617 w/ inline errata

Errata ID: 1959
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Julian Reschke
Date Reported: 2009-12-10
Verifier Name: Alexey Melnikov
Date Verified: 2009-12-27

Section 1.2 p4 says:

       credentials = auth-scheme #auth-param

It should say:

       credentials = auth-scheme ( token | quoted-string | #auth-param )


Alexey Melnikov (updated as per suggestion from Paul Leach):

auth-param doesn't allow for parameters with no '=', so Basic is non conformant to the generic syntax.

Multiple versions of token/quoted-string (with no attribute name) is not allowed, as none of the existing scheme not using auth-param supports that.

(Note that RFC 2617 is using BNF from RFC 2616, which allows for implied LWS.)

Report New Errata

Advanced Search