* Julian Reschke wrote:
On 2015-02-06 07:43, Julian Reschke wrote:
...
There should be an example for "no other authentication parameters are
defined -- unknown parameters MUST be ignored by recipients", otherwise
such extension points are too easily missed by implementers.
<http://greenbytes.de/tech/tc/httpauth/#simplebasicnewparam2> shows that
UAs seem to get at least this correct. I'll think about it.
OK. In my tests I don't see anybody getting *that* wrong, and the new
text already is much clearer than RFC 2617 ever was.
Thus I don't think we need an example here. Also note that the real
challenge (pun intended) is to parse multiple challenges properly; this
is something many UAs *do* get wrong despite the prose in both RFC 2617
and RFC 7235.
You cannot really test future implementations. I will survive without an
example, but I think it is a bad practise to omit examples demonstrating
extension mechanisms like this one.
--
Björn Höhrmann · mailto:bjoern(_at_)hoehrmann(_dot_)de ·
http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
Available for hire in Berlin (early 2015) · http://www.websitedev.de/