On Sun, Oct 18, 2009 at 6:09 AM, Pádraic Brady <[email protected]> wrote: > Presumably the secret is not a string of characters but a randomly generated > stream of bytes. Bytes != Characters. Character encoding is not relevant.
In fact, having glanced at http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-17.13.4, if you want binary in your hub.secret, you have to %HH-encode each byte. Right? So maybe the spec should say "A subscriber-provided secret string (potentially requiring %HH-encoding for binary data)..." or some such. I'm just saying that "(as bytes)" leads you to think you can jam arbitrary binary into a application/x-www-form-urlencoded message body, which I don't think is true. -T
