On Wed, Nov 9, 2011 at 2:03 PM, Ryan Sleevi <[email protected]> wrote:
> While revisiting the ABNF, should "fp-type" be made into 'token' instead
> of an explicit list ( "sha1" / "sha256" )? Rather than dealing with the
> minimal set of "must-implements" in the grammar, define it in the text for
> processing rules. This is similar to the conversation that happened for
> the STS grammar rules.

Here is what I have now:

<figure anchor="header-abnf">
<artwork>
Public-Key-Pins = "Public-Key-Pins" ":" LWS directives
directives      = max-age LWS ";" LWS pins
                / pins LWS ";" LWS max-age
max-age         = "max-age" LWS "=" LWS delta-seconds
pins            = pin
                / pin LWS ";" LWS pins
pin             = "pin-" token LWS "=" LWS quoted-string
</artwork>
</figure>
<t>In the pin rule, the token is the name of a cryptographic hash algorithm,
and MUST be either "sha1" or "sha256". (Future versions of this
specification may change the hash functions.) The quoted-string is a
sequence of base64 digits: a base64-encoded hash. See <xref
target="pin-semantics"/>.</t>
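
The following is an added example, not part of the original message or the draft: a Python sketch of a receiver that parses the field value with the grammar above and then applies the "sha1"/"sha256" restriction as a processing rule, so an unknown token is well-formed but rejected. The names `parse_pins` and `PinError`, the use of `\s*` for LWS, exact-case algorithm matching, and the digest length check are assumptions of this example.

```python
import base64
import binascii
import hashlib
import re

ALLOWED = {"sha1": 20, "sha256": 32}  # algorithm -> digest size in bytes
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"  # RFC 2616 token
MAX_AGE = re.compile(r"max-age\s*=\s*(\d+)\Z")  # \s* stands in for LWS
PIN = re.compile(r"pin-(" + TOKEN + r')\s*=\s*"([^"\\]*)"\Z')

class PinError(ValueError):
    """Header does not satisfy the grammar or the processing rules."""

def parse_pins(value):
    """Parse the field value; return (max_age, [(alg, digest_bytes), ...])."""
    # A ";" inside a quoted-string matches no rule below, so it is rejected.
    parts = [p.strip() for p in value.split(";")]
    max_age, pins = None, []
    for i, part in enumerate(parts):
        m = MAX_AGE.match(part)
        if m:
            # Grammar: exactly one max-age, either first or last.
            if max_age is not None or i not in (0, len(parts) - 1):
                raise PinError("max-age must appear once, first or last")
            max_age = int(m.group(1))
            continue
        m = PIN.match(part)
        if not m:
            raise PinError("not a max-age or pin directive: %r" % part)
        alg, b64 = m.groups()
        # Processing rule from the text, not the grammar: any token parses,
        # but only sha1/sha256 are accepted (exact match is an assumption).
        if alg not in ALLOWED:
            raise PinError("unsupported hash algorithm: %r" % alg)
        try:
            digest = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            raise PinError("pin value is not valid base64")
        # Added check, not in the draft text: length must fit the algorithm.
        if len(digest) != ALLOWED[alg]:
            raise PinError("digest length does not match %s" % alg)
        pins.append((alg, digest))
    if max_age is None or not pins:
        raise PinError("need max-age and at least one pin")
    return max_age, pins

# Constructed sample: the pinned bytes are a placeholder, not a real key.
SAMPLE_DIGEST = hashlib.sha256(b"constructed example key").digest()
SAMPLE = 'max-age=600; pin-sha256="%s"' % base64.b64encode(SAMPLE_DIGEST).decode()
```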