On 2012-01-28 01:56, =JeffH wrote:
...

Hi Jeff,

thanks for the update.

The ABNF now is:

     Strict-Transport-Security = "Strict-Transport-Security" ":"
                                    directive *( ";" [ directive ] )


     directive                 = token [ "=" ( token | quoted-string ) ]

...and I think this is almost right.

It does allow empty directives (thus repeated or trailing semicolons), but not leading semicolons.

So

  STS: foo ;

parses, but

  STS: ; foo

does not. This could be fixed by saying:

     Strict-Transport-Security = "Strict-Transport-Security" ":"
                                 *( ";" [ directive ] )

I like the subsequent prose about the additional constraints.

For 6.1.1 and 6.1.2, we still need to decide whether a) quoted-string should be legal here (I understand that's <http://trac.tools.ietf.org/wg/websec/trac/ticket/33>), and if it was, b) how the syntax should be described.

Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
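
The grammar quoted in the message above (under "The ABNF now is"), as an added example that is not part of the original message or of the draft: a small Python parser for the field value, showing that trailing and repeated semicolons parse while a leading semicolon does not. The whitespace handling, the simplified `token` and `quoted-string` patterns, and the `first_optional` switch (which lets the first directive be empty too, so a leading semicolon is accepted) are assumptions of this example.

```python
import re

# token and quoted-string in the style of RFC 2616 section 2.2
# (simplified for this example: ASCII only, \s stands in for implied LWS).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# directive = token [ "=" ( token | quoted-string ) ]
DIRECTIVE = re.compile(rf"\s*({TOKEN})\s*(?:=\s*({TOKEN}|{QUOTED}))?\s*")
EMPTY = re.compile(r"\s*")


def parse_sts(value, first_optional=False):
    """Parse an STS field value into [(name, value-or-None), ...].

    Implements  directive *( ";" [ directive ] ).
    With first_optional=True (hypothetical switch) the first directive
    may be empty as well. Returns None if the value does not match.
    """
    directives = []
    pos = 0
    first = True
    while True:
        m = DIRECTIVE.match(value, pos)
        if m:
            name, val = m.group(1), m.group(2)
            if val and val.startswith('"'):
                # Strip the quotes and undo quoted-pair escapes.
                val = re.sub(r"\\(.)", r"\1", val[1:-1])
            directives.append((name, val))
            pos = m.end()
        elif first and not first_optional:
            return None  # the grammar requires a directive before any ";"
        else:
            pos = EMPTY.match(value, pos).end()  # empty directive
        first = False
        if pos == len(value):
            return directives
        if value[pos] != ";":
            return None  # directives must be separated by ";"
        pos += 1


if __name__ == "__main__":
    # Constructed sample values, including the two from the message.
    for sample in ["foo ;", "; foo", "foo ;; bar ;", 'max-age="31536000"']:
        print(repr(sample), parse_sts(sample), parse_sts(sample, True))
```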