First, I agree that this is a nit.
On 25.01.23 14:54, Alan DeKok wrote:
On Jan 25, 2023, at 8:27 AM, Eliot Lear <l...@lear.ch> wrote:
No negotiation required. It gets the username as part of basic auth, sees the
name and then makes a decision to initiate a new inner method.
It has to finish the current method first. i.e. the server only gets the username
after sending a Basic-Password-Auth-Req TLV. The response contains a username
&& password.
Sure, but 7170 doesn't say you can't have a null password. So it can
finish the current method and then decide to add another by sending a
request-action TLV (a corner case to be sure). Or it can reject the
null password.
We could also say, “don't try that or we'll send the protocol police
after you” ;-)
Eliot
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
