On Jan 8, 2012, at 4:25 PM, Adam Barth wrote: > This header isn't defined in RFC 2616 and many headers defined outside > of RFC 2616 don't use quoted-string.
I haven't completely kept up on new headers, but I think "many" may be an overstatement (but am happy to be proven wrong). The fact that one or two got it wrong shouldn't guide us: security robustness should. --Paul Hoffman _______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
