3.2.5.2 Qop Directive

The qop directive, as specified in [RFC2617] section 3.2.2, is optional to preserve backward compatibility with minimal implementation of digest access authentication, as specified in [RFC2069]. [RFC2617] specifies that the qop directive SHOULD<13> be used by the client (if the server indicates that qop is supported) by providing a qop directive in the WWW-Authenticate header field.

The server MUST treat single unquoted qop values, such as 'qop-value', the same as quoted qop values, such as 'qop="value"'.<14>