On 2011-12-29 22:32, Adam Barth wrote:
On Thu, Dec 29, 2011 at 1:24 PM, Julian Reschke<julian.resc...@gmx.de> wrote:
On 2011-12-29 22:18, Adam Barth wrote:
On Thu, Dec 29, 2011 at 1:13 PM, Julian Reschke<julian.resc...@gmx.de>
wrote:
On 2011-12-29 20:50, Adam Barth wrote:
As I wrote before, I don't think we should include quoted-string in
the grammar. As far as I know, no one has implemented it and I have
no plans to implement quoted-string in Chrome. Having quoted-string
in the grammar only leads to pain.,
It would be helpful if you were more precise on the pain it causes,
considering you need to process extension directives anyway...
We've been over this several times before. The problem is the
requirement to balance DQUOTE and the complexities surrounding the
error conditions if the DQUOTEs don't balance properly (including
escaping).
Yes, but you are avoiding the question I asked. Are you implementing
quoted-string for extension parameters?
No.
Here's the grammar I recommend:
Strict-Transport-Security = "Strict-Transport-Security" ":"
directive *( ";" [ directive ] )
directive = max-age | includeSubDomains | STS-d-ext
max-age = "max-age" "=" delta-seconds
includeSubDomains = "includeSubDomains"
STS-d-ext = token [ "=" token ]
I would also define the precise requirements for parsing all possible
input sequences, but I understand that's not fashionable.
Ack. This is at least consistent.
That being said, I disagree. token=quoted-string is widely implemented,
and if there are clients not getting it right we should fix them.
If you are aware of specific clients having this problem please list
them so we can open bug reports.
Best regards, Julian
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec
