From 9f3a42eee41aaad6c8387535fe20a3211d5d3688 Mon Sep 17 00:00:00 2001 From: Tommy Pauly Date: Thu, 31 Aug 2023 10:49:32 -0700 Subject: [PATCH] Must ignore unknown parameters Closes #444 --- draft-ietf-privacypass-auth-scheme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-privacypass-auth-scheme.md b/draft-ietf-privacypass-auth-scheme.md index 549fd3ef..ca0ca87a 100644 --- a/draft-ietf-privacypass-auth-scheme.md +++ b/draft-ietf-privacypass-auth-scheme.md @@ -236,8 +236,8 @@ Clients MAY ignore the challenge, e.g., because the token-key is invalid or otherwise untrusted. The header field MAY also include the standard "realm" parameter, if desired. -Issuance protocols MAY require other parameters. Clients SHOULD ignore unknown -parameters in challenges, except if otherwise specified by issuance protocols. +Issuance protocols MAY require other parameters. Clients MUST ignore unknown +parameters in challenges. As an example, the WWW-Authenticate header field could look like this: