Merge pull request #462 from ietf-wg-privacypass/tfpauly-patch-24

Challenges don't need to be unique
ietf-wg-privacypass · Sep 5, 2023 · 44ced39 · 44ced39
2 parents fbacaba + 081facc
commit 44ced39
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/draft-ietf-privacypass-auth-scheme.md b/draft-ietf-privacypass-auth-scheme.md
@@ -222,8 +222,7 @@ value. This document follows the default padding behavior described in
 As an Authentication Parameter (`auth-param` from {{!RFC9110, Section 11.2}}),
 the value can be either a token or a quoted-string, and might be required to
 be a quoted-string if the base64url string includes "=" characters. This
-challenge value MUST be unique for every 401 HTTP response to prevent replay
-attacks. This parameter is required for all challenges.
+parameter is required for all challenges.
 
 - "token-key", which contains a base64url encoding of the public key for
 use with the issuance protocol indicated by the challenge. See {{ISSUANCE}}