RFC Errata
RFC 4559, "SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows", June 2006
Source of RFC: INDEPENDENTSee Also: RFC 4559 w/ inline errata
Errata ID: 2912
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Julian Reschke
Date Reported: 2011-08-03
Verifier Name: Nevil Brownlee
Date Verified: 2013-03-20
Section 4 says:
Notes:
The "Negotiate" authentication scheme violates basic HTTP principles, in that it attaches information to the connection on which the handshake happened, and furthermore uses syntax in the WWW-Authenticate and Authorization header fields that is in violation of the base ABNF definitions.