[Technical Errata Reported] RFC7616 (7936)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 13 May 2024 19:47 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 977C3C1D4A7B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 May 2024 12:47:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="Jgv2Iic7"; dkim=pass (2048-bit key) header.d=w3.org header.b="jQ4/xmaI"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ki-xJ17pOJWO for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 May 2024 12:47:50 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A117BC14CF18 for <httpbisa-archive-bis2Juki@ietf.org>; Mon, 13 May 2024 12:47:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Date:Message-Id:Content-Type:Cc:From:To:Reply-To:In-Reply-To: References:MIME-Version; bh=+eutOhRKmaB6T2d/qPPKHrozdJdXYfWvEWlfH9OywHQ=; b=J gv2Iic7vhJHUBy9AQSe6cmYCuEiIHeldmX2lYp0I27ZDreBcr6e1j5ts6uTIZPB63I5nu19xdBfD5 z8xb2MP4pegW/pPSr7/d1OOvGzmFG/6qo5EHD+soxIFBMk7nZUaSby5jhMbBBd80pp30mh4TORJoV pxYDKSv63tyGrFP3s4MN46uF4svReYa35m3T9QKUnQNAioLqR5SYw6jgg2DhtTMI2X903VfvTDtEE mWqqhKgGIbzWibcYOSv9uFHx7Okm8MNrQi6+g+sb1M7Ytt5Kw9XmvafuuOICOKh8Akhz51L5XdP+H nVuzz0NMPPS8yD5tpcoCWIXbrQlvPURjA==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1s6bdH-00CGXM-1h for ietf-http-wg-dist@listhub.w3.org; Mon, 13 May 2024 19:46:47 +0000
Resent-Date: Mon, 13 May 2024 19:46:47 +0000
Resent-Message-Id: <E1s6bdH-00CGXM-1h@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <wwwrun@rfcpa.amsl.com>) id 1s6bdE-00CGWR-2Q for ietf-http-wg@listhub.w3.internal; Mon, 13 May 2024 19:46:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Date:Message-Id:Content-Type:Cc:From:Subject:To:Reply-To:In-Reply-To: References:MIME-Version; bh=+eutOhRKmaB6T2d/qPPKHrozdJdXYfWvEWlfH9OywHQ=; t=1715629604; x=1716493604; b=jQ4/xmaIzVpkJ78rTL3gNvGazq/Mlfc7VqG9tG9pEwFuQbz gwKa2WPXVV7ayriYXXkmK2+8jWxH8HvAf9kg26UdlZMIora6rbBrziMEnJZiQBiYbUyHMTTixBsks 9LmwdTXE1WukKs7dTKlsJx7FpY4nsuI6pWoX4TkJaeLZo7pxDS5fyoGPDtKVv7Ld19J0ghgQlEdgd 2CGVoQV4xcsAqPiz73msQYOW8u9YbGaOcvP3bq2LYbcpgjNad7zH8c8pgdttDALFL/5y6N/2txL4N SZ8hZAOqIC6ayojod52qAHG8aK+rNpWx2TCmBcX3bxOV3NTdGAhI7PJgbyumTrPQ==;
Received-SPF: pass (puck.w3.org: domain of rfcpa.amsl.com designates 50.223.129.200 as permitted sender) client-ip=50.223.129.200; envelope-from=wwwrun@rfcpa.amsl.com; helo=rfcpa.amsl.com;
Received: from rfcpa.amsl.com ([50.223.129.200]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <wwwrun@rfcpa.amsl.com>) id 1s6bdD-00EFa4-3C for ietf-http-wg@w3.org; Mon, 13 May 2024 19:46:44 +0000
Received: by rfcpa.amsl.com (Postfix, from userid 499) id EE5B0190746F; Mon, 13 May 2024 12:46:39 -0700 (PDT)
To: rifaat.ietf@gmail.com, ahrensdc@gmail.com, sophie.bremer@netzkonform.de, debcooley1@gmail.com, paul.wouters@aiven.io, ynir.ietf@gmail.com, rifaat.ietf@gmail.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: jorton@apache.org, ietf-http-wg@w3.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240513194639.EE5B0190746F@rfcpa.amsl.com>
Date: Mon, 13 May 2024 12:46:39 -0700
X-W3C-Hub-Spam-Status: No, score=-4.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DMARC_MISSING=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1s6bdD-00EFa4-3C 1a99d7814a20551ee3c427037091d4f6
X-Original-To: ietf-http-wg@w3.org
Subject: [Technical Errata Reported] RFC7616 (7936)
Archived-At: <https://www.w3.org/mid/20240513194639.EE5B0190746F@rfcpa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51942
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

The following errata report has been submitted for RFC7616,
"HTTP Digest Access Authentication".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7936

--------------------------------------
Type: Technical
Reported by: Joe Orton <jorton@apache.org>

Section: 3.3

Original Text
-------------
   domain

      A quoted, space-separated list of URIs, as specified in [RFC3986],
      that define the protection space.  If a URI is a path-absolute, it
      is relative to the canonical root URL.  (See Section 2.2 of


Corrected Text
--------------
   domain

      A quoted, space-separated list of URI-reference strings, as specified in [RFC3986],
      that define the protection space.  If a URI-reference is in a relative form, it
      is relative to the canonical root URL.  (See Section 2.2 of


Notes
-----
The definition of the "domain" parameter is inconsistent/contradictory - a list of space-separated URIs cannot include a path-absolute, since path-absolute is not a URI - though it is a URI-reference. If the intent was that "a space-separated list of URI-reference strings" is allowed, that could be used instead, per my suggested corrected text. 

It is likely both that the intent was not to allow any URI-reference here, and that current client implementations accept only absolute-URI or path-absolute. So it could instead be clarified as follows:

    A quoted, space-separated list of either absolute-URI or path-absolute, as specified in [RFC3986], that define the protection space.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7616 (draft-ietf-httpauth-digest-19)
--------------------------------------
Title               : HTTP Digest Access Authentication
Publication Date    : September 2015
Author(s)           : R. Shekh-Yusef, Ed., D. Ahrens, S. Bremer
Category            : PROPOSED STANDARD
Source              : Hypertext Transfer Protocol Authentication
Stream              : IETF
Verifying Party     : IESG