On 2011-09-23 00:33, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Security Working Group of the IETF.
...
Nits...:
The OWS (optional whitespace) rule is used where zero or more linear
whitespace characters MAY appear:
OWS = *( [ obs-fold ] WSP )
; "optional" whitespace
obs-fold = CRLF
We changed the definition of OWS nin HTTPbis:
<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-latest.html#basic.rules>
1. If the URI does not use a hierarchical element as a naming
authority (see [RFC3986], Section 3.2), or if the URI is not an
absolute URI, then generate a fresh globally unique identifier
and return that value.
1. NOTE: Running this algorithm multiple times for the same URI
can produce different values each time. Typically, user
agents compute the origin of, for example, an HTML document
once and use that origin for subsequent security checks
rather than recomputing the origin for each security check.
It seems the NOTE shouldn't be in a numbered list (same for item 4).
7.1. Syntax
The Origin header field has the following syntax:
origin = "Origin:" OWS origin-list-or-null OWS
origin-list-or-null = "null" / origin-list
origin-list = serialized-origin *( SP serialized-origin )
serialized-origin = scheme "://" host [ ":" port ]
; <scheme>, <host>, <port> productions from RFC3986
a) Reformat do it doesn't need to be outdented
b) "null" in ABNF means case-insensitive; consider replacing with octet
sequence and putting the literal "null" into a comment.
References: may need updates, such as WEBSOCKETS. Also consider sorting
them (xml2rfc sortrefs PI).
Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
