Thanks for your thoughts,
> I don't think it matters much what we write in this document.
I overall understand and tend to agree, because I'm doubting we will see much
if any further extension work for this header field.
> However,
> we can deal with that problem when it comes time to add extension
> values that actually used quoted-string.
agreed. that's why I'm leaning towards spec'g it with quoted-string at this
time. It future-proofs the spec at least and we won't have to fight a nit like
this in Last Calls.
I'm not too worried at this point about user agents not actually implementing
parsing for as-yet-unspecified-or-even-discussed extension directives for the
STS header field.
though, I remain curious as to why the STS parsing in Firefox & Chrome is
apparently each a one-off and doesn't use the more generic HTTP header-field
parsing routines that are available and which appear to handle quoted-string,
arbitrary header field parameter ordering, etc.
thanks,
=JeffH
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec