On Sat, 2005-11-19 at 18:50 +0000, sebb wrote:
> > I respectfully disagree. In the HTTP spec quote marks are always
> > designated as <">. See request-digest in the example above
>
> I can't find qop-value defined anywhere as a quoted string, but nor
> can I find it defined as a non-quoted string.
>
> But why does the RFC use the unq() function on qop-value unless it is
> a quoted string?
>
> There are some other examples of the use of unq() - e.g. realm-value -
> in each case all of the operands are defined as being quoted strings.
>
All right. This is how it goes
qop-value is defined as:
qop-value = "auth" | "auth-int" | token
token is defined as:
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
in fact qop-value per this definition MAY NOT be a quoted string.
This is an example of digest challenge/response given in the spec, section 3.5
[1]
<quote>
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest
realm="[EMAIL PROTECTED]",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
...
Authorization: Digest username="Mufasa",
realm="[EMAIL PROTECTED]",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
</quote>
Note qop attribute in the digest response is not quoted, which makes
perfect sense given its definition in the RFC.
Quoted string is defined in the HTTP spec as [2]:
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext = <any TEXT except <">>
quoted-pair = "\" CHAR
Hope this makes things clearer
Cheers,
Oleg
[1] http://www.faqs.org/rfcs/rfc2617.html
[2] http://www.faqs.org/rfcs/rfc2616.html
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
