* Julian Reschke wrote: >On 2015-02-06 07:43, Julian Reschke wrote: >> ... >>> There should be an example for "no other authentication parameters are >>> defined -- unknown parameters MUST be ignored by recipients", otherwise >>> such extension points are too easily missed by implementers. >> >> <http://greenbytes.de/tech/tc/httpauth/#simplebasicnewparam2> shows that >> UAs seem to get at least this correct. I'll think about it. > >OK. In my tests I don't see anybody getting *that* wrong, and the new >text already is much clearer than RFC 2617 ever was. > >Thus I don't think we need an example here. Also note that the real >challenge (pun intended) is to parse multiple challenges properly; this >is something many UAs *do* get wrong despite the prose in both RFC 2617 >and RFC 7235. You cannot really test future implementations. I will survive without an example, but I think it is a bad practise to omit examples demonstrating extension mechanisms like this one. -- Björn Höhrmann · mailto:bjoern@xxxxxxxxxxxx · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/