On Tue, Oct 4, 2011 at 3:39 AM, Julian Reschke <[email protected]> wrote: > On 2011-10-03 19:12, Phillip Hallam-Baker wrote: >> >> On Mon, Oct 3, 2011 at 1:05 PM, Paul Hoffman<[email protected]> >> wrote: >>> >>> On Oct 3, 2011, at 9:22 AM, Phillip Hallam-Baker wrote: >>> >>>> URLs are used in cases where hierarchy is assumed. >>> >>> I didn't see such use cases in your draft, nor in Stephen's. Maybe you'll >>> put them in your next proposal. >> >> As Julian correctly pointed out, a generic URI will be used in >> situations where the application will (correctly) assume that anything >> in URI syntax that has a slash character in it will be hierarchical. >> >> Thus a URI scheme that does not intend to indicate hierarchy MUST NOT >> include a slash character in that part of the identifier. >> ... > > I wouldn't say "MUST NOT". It's just it's a source of confusion that can be > avoided when defining new URI schemes.
Ack, In private conversation someone just pointed out that the data: uri scheme has a semicolon that turns out to be necessary because parsers make unjustified assumptions. There is a SHOULD NOT in the URI spec and I think the onus is on folk to demonstrate that base64url would cause actual problems. The base64url scheme is used by Facebook so there is a huge amount of existing code that can manage the format. There is a page of implementations: https://github.com/ptarjan/base64url Using the base64url encoding makes use of an Apache server on UNIX much easier since the di digest can be used as the filename. I can't see that any of the purported conveniences of base64 outweigh that. Base16 means longer identifiers and introduces a case sensitivity issue. -- Website: http://hallambaker.com/ _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
