RFC Errata
RFC 7616, "HTTP Digest Access Authentication", September 2015
Source of RFC: httpauth (sec)
Errata ID: 6704
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Bruce Florman
Date Reported: 2021-10-05
Section 3.4.1 says:
3.4.1. Response
If the qop value is "auth" or "auth-int":
response = <"> < KD ( H(A1), unq(nonce)
":" nc
":" unq(cnonce)
":" unq(qop)
":" H(A2)
) <">
See below for the definitions for A1 and A2.
It should say:
3.4.1. Response
If the qop value is "auth" or "auth-int":
response = <"> < KD ( H(A1), unq(nonce)
":" nc
":" unq(cnonce)
":" unq(qop)
":" H(A2)
) > <">
See below for the definitions for A1 and A2.
Notes:
The open angle bracket following the initial double quote, probably needs a matching close angle bracket before the final double quote. This typographical error appears to have been copied from section 3.2.2.1 of RFC 2617, but the close angle bracket does appear in the corresponding single line of text in section 2.1.2 of RFC 2069 that defines the response-digest production there. However, it's not clear to me that the angle brackets contribute to the clarity of the response production here, so simply removing the unmatched open might be a better solution.