That is one of the six options that I have implemented so far. The pros of base64url is that it is compact and fully compatible
The cons are that it may require a modest amount of coding on some platforms, it is case sensitive and it is not suitable for reading over a telephone. My view being in the process of writing code here is that the coding required for the base64url encoding is trivial and that the additional corner case-age introduced by mucking with base64 encoding is much more hassle. But others have different views here. On Fri, Oct 7, 2011 at 1:42 PM, Giorgio Maone <[email protected]>wrote: > I apologize if I'm late in the thread and someone else already pointed this > out, or if this is a stupid idea for any other reason, but did you consider > so > called "base64url", which had been proposed with the very purpose of > embedding > base64 blobs inside URLs without further encoding? > > http://tools.ietf.org/html/rfc4648#page-7 > > Best > -- G > > > Julian Reschke wrote, On 07/10/2011 18.47: > > On 2011-10-07 10:54, Stephen Farrell wrote: > >> > >> Hi Phill, > >> > >> Oauth [1] uses ""application/x-www-form-urlencoded" format as defined by > >> [W3C.REC-html401-19991224]" all over the place to solve basically > >> this problem but in the context of HTTP URLs which has to be worse > >> than for a new URI scheme. > >> > >> Why not do the same here? > >> ... > > > > ...because the definition is vague with respect to non-ASCII (that *is* a > > problem for OAuth, but might be ok here), and because it also leaks the > > special-casing of SP (encoded as "+") into new areas. > > > > If you like the encoding otherwise, then just refer to RFC 3986 for > > percent-encoding: > > <http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.2.1>. > > > > Best regards, Julian > > _______________________________________________ > > websec mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/websec > > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec > -- Website: http://hallambaker.com/
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
