RFC Errata
Found 2 records.
Status: Verified (1)
RFC 9729, "The Concealed HTTP Authentication Scheme", February 2025
Source of RFC: httpbis (wit)
Errata ID: 8807
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Radowan Redoy
Date Reported: 2026-03-05
Verifier Name: Mike Bishop
Date Verified: 2026-03-10
Section 3.3 says:
48545450205369676E61747572652041757468656E7469636174696F6E
It should say:
4854545020436F6E6365616C65642041757468656E7469636174696F6E
Notes:
The original hex in Figure 3 corresponds to "HTTP Signature Authentication", which is the wrong context string. Thus, it should be updated to the correct hex to reflect "HTTP Concealed Authentication" as specified in Section 3.3.
Status: Reported (1)
RFC 9729, "The Concealed HTTP Authentication Scheme", February 2025
Source of RFC: httpbis (wit)
Errata ID: 8843
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Yixin Sun
Date Reported: 2026-03-18
Section 4 says:
concealed-integer-param-value = %x31-39 1*4( DIGIT ) / "0"
It should say:
concealed-integer-param-value = %x31-39 *4( DIGIT ) / "0"
Notes:
The original ABNF syntax requires at least two digits (or "0"), excluding 1-9. Updating this to be compatible with the integer parameter descriptions, i.e., the "s" parameter that goes in the range of 0-65535.
This should not cause any problems in current implementations as the bigger 0x0000-0x0200 range is reserved for backward compatibility (see IANA "TLS SignatureScheme" registry https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme), but it will still be good to fix the syntax.