RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 7616, "HTTP Digest Access Authentication", September 2015

Source of RFC: httpauth (sec)

Errata ID: 6704
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Bruce Florman
Date Reported: 2021-10-05

Section 3.4.1 says:

3.4.1.  Response

   If the qop value is "auth" or "auth-int":

         response = <"> < KD ( H(A1), unq(nonce)
                                      ":" nc
                                      ":" unq(cnonce)
                                      ":" unq(qop)
                                      ":" H(A2)
                             ) <">

   See below for the definitions for A1 and A2.

It should say:

3.4.1.  Response

   If the qop value is "auth" or "auth-int":

         response = <"> < KD ( H(A1), unq(nonce)
                                      ":" nc
                                      ":" unq(cnonce)
                                      ":" unq(qop)
                                      ":" H(A2)
                             ) > <">

   See below for the definitions for A1 and A2.

Notes:

The open angle bracket following the initial double quote, probably needs a matching close angle bracket before the final double quote. This typographical error appears to have been copied from section 3.2.2.1 of RFC 2617, but the close angle bracket does appear in the corresponding single line of text in section 2.1.2 of RFC 2069 that defines the response-digest production there. However, it's not clear to me that the angle brackets contribute to the clarity of the response production here, so simply removing the unmatched open might be a better solution.

Report New Errata