The reason is simple. My auth helper reads values (realm:password or only password) from a certain LDAP attribute, matches one of these values and then uses the match to compute H(A1). Now, we have customers whose LDAP attributes only store the password (in clear-text) and thus they have no realm:password combination which might be matched. Finally, this leads to the assumption that the associated realm is empty and thus the need for an empty realm.

I don't think the "intention" of the authors can be a valid argument here since the RFC was created in order not to have to rely on guesses and intentions when implementing an HTTP client/server.

Regards,
Khaled
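
The lookup described in the message above, as an added example that is not part of the original post and not the helper's own code. The function names, the sample attribute values and the split-on-first-colon rule are assumptions; H(A1) follows the RFC 2617 MD5 definition.

```python
import hashlib


def ha1(username, realm, password):
    # RFC 2617, algorithm=MD5: H(A1) = MD5(username ":" realm ":" password)
    a1 = f"{username}:{realm}:{password}"
    return hashlib.md5(a1.encode("utf-8")).hexdigest()


def parse_value(value):
    # Assumed storage format: "realm:password", or a bare "password".
    # A bare password is mapped to the empty realm, as the message describes.
    realm, sep, password = value.partition(":")
    if not sep:
        return "", value
    return realm, password


def select_ha1(username, requested_realm, attr_values):
    # Return H(A1) for the first stored value whose realm equals the realm
    # in the client's Authorization header, or None if nothing matches.
    for value in attr_values:
        realm, password = parse_value(value)
        if realm == requested_realm:
            return ha1(username, realm, password)
    return None


if __name__ == "__main__":
    # Constructed sample data, not taken from any real directory.
    stored = ["s3cret"]                 # password only, no realm prefix
    print(select_ha1("alice", "", stored))       # matches the empty realm
    print(select_ha1("alice", "proxy", stored))  # None: no such realm stored

    # Caveat: a bare password containing ":" cannot be told apart from
    # realm:password and is parsed as realm "pa", password "ss".
    print(parse_value("pa:ss"))
```

With only bare passwords stored, every H(A1) the helper can produce is bound to the empty realm, so the server has to send `realm=""` in its challenge for the client's response to verify.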