On Thu, 05 Jan 2012 16:59:58 +0100, Paul Hoffman <[email protected]>
wrote:
FWIW, I'm with Julian on this, particularly:
- principle of least surprise and consistency - if quoted-string works
in other header fields with param syntax, why not here?
"We invented a header that your message-producing software must
special-case" is not a good way to get security.
If the header-consuming software works that way, it might be the only way.
What the right way to go here is kind of depends on how header field
values are typically implemented in practice. I suspect it to be rather
messy.
--
Anne van Kesteren
http://annevankesteren.nl/
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
