I apologize if I'm late in the thread and someone else already pointed this out, or if this is a stupid idea for any other reason, but did you consider so called "base64url", which had been proposed with the very purpose of embedding base64 blobs inside URLs without further encoding?
http://tools.ietf.org/html/rfc4648#page-7 Best -- G Julian Reschke wrote, On 07/10/2011 18.47: > On 2011-10-07 10:54, Stephen Farrell wrote: >> >> Hi Phill, >> >> Oauth [1] uses ""application/x-www-form-urlencoded" format as defined by >> [W3C.REC-html401-19991224]" all over the place to solve basically >> this problem but in the context of HTTP URLs which has to be worse >> than for a new URI scheme. >> >> Why not do the same here? >> ... > > ...because the definition is vague with respect to non-ASCII (that *is* a > problem for OAuth, but might be ok here), and because it also leaks the > special-casing of SP (encoded as "+") into new areas. > > If you like the encoding otherwise, then just refer to RFC 3986 for > percent-encoding: > <http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.2.1>. > > Best regards, Julian > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
