On Fri, Sep 23, 2011 at 12:29 AM, Julian Reschke <[email protected]> wrote: > On 2011-09-23 00:33, [email protected] wrote: >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. This draft is a work item of the Web Security Working Group of >> the IETF. >> ... > > Nits...: > >> The OWS (optional whitespace) rule is used where zero or more linear >> whitespace characters MAY appear: >> >> OWS = *( [ obs-fold ] WSP ) >> ; "optional" whitespace >> obs-fold = CRLF > > We changed the definition of OWS nin HTTPbis: > <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-latest.html#basic.rules>
Updated. >> 1. If the URI does not use a hierarchical element as a naming >> authority (see [RFC3986], Section 3.2), or if the URI is not an >> absolute URI, then generate a fresh globally unique identifier >> and return that value. >> >> 1. NOTE: Running this algorithm multiple times for the same URI >> can produce different values each time. Typically, user >> agents compute the origin of, for example, an HTML document >> once and use that origin for subsequent security checks >> rather than recomputing the origin for each security check. > > It seems the NOTE shouldn't be in a numbered list (same for item 4). Fixed. >> 7.1. Syntax >> >> >> The Origin header field has the following syntax: >> >> >> origin = "Origin:" OWS origin-list-or-null OWS >> origin-list-or-null = "null" / origin-list >> origin-list = serialized-origin *( SP serialized-origin ) >> serialized-origin = scheme "://" host [ ":" port ] >> ; <scheme>, <host>, <port> productions from RFC3986 > > a) Reformat do it doesn't need to be outdented Done. > b) "null" in ABNF means case-insensitive; consider replacing with octet > sequence and putting the literal "null" into a comment. Done. > References: may need updates, such as WEBSOCKETS. Also consider sorting them > (xml2rfc sortrefs PI). I've updated WEBSOCKETS. It will probably need to be updated again. Thanks! Adam _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
