RFC Errata
RFC 7616, "HTTP Digest Access Authentication", September 2015
Source of RFC: httpauth (sec)
Errata ID: 5803
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Franck MOURRE
Date Reported: 2019-08-06
Held for Document Update by: Benjamin Kaduk
Date Held: 2019-08-08
Section A says:
o Adds support for two new algorithms, SHA2-256 as mandatory and SHA2-512/256 as a backup, and defines the proper algorithm negotiation. The document keeps the MD5 algorithm support but only for backward compatibility.
It should say:
o Adds support for two new algorithms, SHA-256 as mandatory and SHA-512/256 as a backup, and defines the proper algorithm negotiation. The document keeps the MD5 algorithm support but only for backward compatibility.
Notes:
The SHA-2 family of algorithms are conventionally referred to using just "SHA-" and the bit strength, not "SHA2-" and the bit strength.