On 23 March 2012 16:01, =JeffH <[email protected]> wrote:
>> I suggest the following ABNF.
>>
>> Strict-Transport-Security = "Strict-Transport-Security" ":"
>> directive *( ";" directive )
>>
>> directive = [ token [ "=" ( token | quoted-string ) ] ]
>
>
> Well, I've been counseled in the past (and agree with it) that having an
> ABNF production that is potentially totally null is not such a good idea.
>
> Perhaps this approach addresses this problem and is closer to what Julian
> intended..
>
> Strict-Transport-Security = "Strict-Transport-Security" ":"
> [ directive ] *( ";" [ directive ] )
>
> directive = token [ "=" ( token | quoted-string ) ]
>
That's exactly the same as what I see above, and both have two obvious
problems, one of which I think you all missed.
You want zero or more directives ? or one or more?
for one or more:
STS = "STS" ":" directive *(";" directive)
for zero or more:
STS = "STS" ":" [ directive *(";" directive) ]
and:
directive = token ["="(token / quoted-string)]
Note the second problem: a slash should be used instead of vertical bar.
--Martin
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
