On Dec 29, 2011, at 5:22 PM, Adam Barth wrote: > On Thu, Dec 29, 2011 at 5:01 PM, =JeffH <[email protected]> wrote: >> Adam Barth noted: >>> I would also define the precise requirements for parsing all possible >>> input sequences, but I understand that's not fashionable. >> >> By that, you are suggesting specification of parsing algorithms as done in >> RFC6265 "HTTP State Management Mechanism", yes? > > I actually think what we're doing for CSP is slightly better: > > http://www.w3.org/TR/CSP/#policies
Hmm, that algorithm breaks on foo;;bob which is allowed by the associated ABNF. *shrug* I don't think I'll ever understand why you keep promoting Ian's mantra on specs being written as algorithms. The algorithms that you end up placing in the specs have more bugs than the code found in the actual implementations, and they aren't any more formal than the ABNF. ....Roy _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
