On Fri, Oct 7, 2011 at 11:45 AM, Stephen Farrell <[email protected]>wrote:
> > > On 10/07/2011 04:21 PM, Phillip Hallam-Baker wrote: > >> On Fri, Oct 7, 2011 at 4:54 AM, Stephen Farrell >> <[email protected]>**wrote: >> >> >>> Hi Phill, >>> >>> Oauth [1] uses ""application/x-www-form-****urlencoded" format as >>> defined by >>> [W3C.REC-html401-19991224]" all over the place to solve basically >>> this problem but in the context of HTTP URLs which has to be worse >>> than for a new URI scheme. >>> >>> Why not do the same here? >>> >>> S. >>> >>> [1] http://tools.ietf.org/html/****draft-ietf-oauth-v2-22#**** >>> section-4.1.1<http://tools.ietf.org/html/**draft-ietf-oauth-v2-22#**section-4.1.1> >>> <http://tools.**ietf.org/html/draft-ietf-**oauth-v2-22#section-4.1.1<http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.1> >>> > >>> >> >> >> That works for me. It is easy enough to do in scripting. >> >> May even be possible to use the plain base64 in the ni form of the >> identifier and form encode it when using it to form a URL (or whatever >> else >> required in a protocol). >> > > Actually, you're right - that's better. Just use b64 here and note > that protocols might have to urlencode. If it turns out to be a > problem we can fix later. > Given that the requirement is a SHOULD, a draft that demonstrates that the point was considered should be enough to avoid time in the DISCUSS penalty box. -- Website: http://hallambaker.com/
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
