
Ticket #342 (closed editorial: incorporated)

Opened 3 years ago

Last modified 3 years ago

WWW-Authenticate ABNF slightly ambiguous

Reported by: julian.reschke@gmx.de
Owned by: draft-ietf-httpbis-p7-auth@tools.ietf.org
Priority: normal
Milestone: 19
Component: p7-auth
Severity: Active WG Document
Keywords:
Cc:
Origin:

Description

   WWW-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS challenge ] )
   challenge = auth-scheme 1*SP *( "," OWS ) auth-param *( OWS "," [ OWS auth-param ] )

Example:

 Basic realm="foo", , Otherscheme realm="bar"

This can be parsed as either three challenges:

1: Basic realm="foo"
2:
3: Otherscheme realm="bar"

or as two challenges:

1: Basic realm="foo",
2: Otherscheme realm="bar"

...where the first challenge has a list of auth-params where the first one is the realm, and the second one is empty.

In practice, this doesn't affect the semantics of the header field, but it does affect parser construction. Documenting this may avoid confusion.
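The parser-construction point above, as an added example that is not part of the ticket or the draft: a parser that splits the field value into list elements and drops empty ones never has to decide whether an empty element belongs to the challenge list or to the auth-param list. The function names are hypothetical, and only `token` and `quoted-string` parameter values are handled (no token68 credentials).

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param = token BWS "=" BWS ( token / quoted-string )
PARAM = re.compile(rf'({TOKEN})[ \t]*=[ \t]*(?:({TOKEN})|"((?:[^"\\]|\\.)*)")$')
# First element of a challenge: auth-scheme, optionally 1*SP and one auth-param.
SCHEME = re.compile(rf'({TOKEN})(?: +(.+))?$')

def split_list(value):
    """Split on commas that are outside quoted-strings, keeping empty elements."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in value:
        if in_quote:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quote = False
        elif ch == '"':
            in_quote = True
        elif ch == ",":
            parts.append("".join(buf).strip(" \t"))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip(" \t"))
    return parts

def parse_param(text):
    """Return (lowercased name, unquoted value), or None if not an auth-param."""
    m = PARAM.match(text)
    if not m:
        return None
    name, tok, quoted = m.groups()
    return name.lower(), tok if tok is not None else re.sub(r"\\(.)", r"\1", quoted)

def parse_challenges(value):
    """Return [(auth-scheme, {param: value}), ...] for one header field value."""
    challenges = []
    for elem in split_list(value):
        if not elem:
            continue  # empty list element: dropped, whichever list "owns" it
        param = parse_param(elem)
        if param and challenges:
            challenges[-1][1][param[0]] = param[1]
            continue
        m = SCHEME.match(elem)
        first = parse_param(m.group(2)) if m and m.group(2) else None
        if not m or (m.group(2) and not first):
            raise ValueError(f"malformed challenge element: {elem!r}")
        challenges.append((m.group(1), dict([first] if first else [])))
    return challenges
```

Both readings of the ticket's example collapse to the same two challenges, which is why the ambiguity is harmless to the field's semantics.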

Attachments

342.diff (1.7 KB) - added by julian.reschke@gmx.de 3 years ago.
Proposed patch

Change History

Changed 3 years ago by julian.reschke@gmx.de

Proposed patch

comment:1 Changed 3 years ago by julian.reschke@gmx.de

From [1533]:

Note the ambiguity in the Proxy-A and WWW-A ABNF (see #342)

comment:2 Changed 3 years ago by julian.reschke@gmx.de

  • Status changed from new to closed
  • Resolution set to incorporated
  • Milestone changed from unassigned to 19