On 2011-10-07 10:54, Stephen Farrell wrote:
Hi Phill, Oauth [1] uses ""application/x-www-form-urlencoded" format as defined by [W3C.REC-html401-19991224]" all over the place to solve basically this problem but in the context of HTTP URLs which has to be worse than for a new URI scheme. Why not do the same here? ...
...because the definition is vague with respect to non-ASCII (that *is* a problem for OAuth, but might be ok here), and because it also leaks the special-casing of SP (encoded as "+") into new areas.
If you like the encoding otherwise, then just refer to RFC 3986 for percent-encoding: <http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.2.1>.
Best regards, Julian _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
