RFC Errata
RFC 9729, "The Concealed HTTP Authentication Scheme", February 2025
Source of RFC: httpbis (wit)See Also: RFC 9729 w/ inline errata
Errata ID: 8807
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Radowan Redoy
Date Reported: 2026-03-05
Verifier Name: Mike Bishop
Date Verified: 2026-03-10
Section 3.3 says:
48545450205369676E61747572652041757468656E7469636174696F6E
It should say:
4854545020436F6E6365616C65642041757468656E7469636174696F6E
Notes:
The original hex in Figure 3 corresponds to "HTTP Signature Authentication", which is the wrong context string. Thus, it should be updated to the correct hex to reflect "HTTP Concealed Authentication" as specified in Section 3.3.