On 2012-03-26 10:29, =JeffH wrote:
>> I'm not sure how to cleanly and unambiguously define them in terms of
>> both token and quoted-string (and retain max-age's basis on
>> delta-seconds). Perhaps you could propose how to do this?
>
> Just define the base grammar for the overall parsing; such as
I would appreciate it if you would just plain propose the grammar you
believe we should have.

The base grammar in Section 6 is fine (except for the nit about the
leading ";" we were already discussing).

For the predefined directives, for example, change:

6.1.1. The max-age Directive

   The REQUIRED max-age directive specifies the number of seconds, after
   the reception of the STS header field, during which the UA regards
   the host, from whom the message was received, as a Known HSTS Host
   (see also Section 8.1.1 "Noting a HSTS Host", below). The delta-
   seconds production is specified in [RFC2616].

   The syntax of the max-age directive is defined as:

     max-age = "max-age" "=" delta-seconds
     delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2>

   Note: A max-age value of zero signals the UA to cease regarding the
   host as a Known HSTS Host.

to

6.1.1. The max-age Directive

   The REQUIRED max-age directive specifies the number of seconds, after
   the reception of the STS header field, during which the UA regards
   the host, from whom the message was received, as a Known HSTS Host
   (see also Section 8.1.1 "Noting a HSTS Host", below).

   The syntax of the max-age directive's value (after potentially
   applying quoted-string unescaping) is:

     max-age-v = delta-seconds
     delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2>

   Note: A max-age value of zero signals the UA to cease regarding the
   host as a Known HSTS Host.

So this

- states that the given ABNF applies to the value after q-s processing
  (when needed)

- changes the ABNF to specify only the *value*

- also we can remove the prose statement about delta-seconds; having it
  in the ABNF is sufficient

Finally, examples should show both variants of the syntax.

Best regards, Julian

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
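
Added example, not part of the original message or of the draft: a Python sketch of the two-stage parsing proposed above, where the base grammar yields a directive value as either token or quoted-string and the max-age-v rule (1*DIGIT) is checked only after quoted-string unescaping. The function names, the `includeSubDomains` sample directive, the case-insensitive handling of directive names and the exact shape of the base grammar (`name [ "=" value ]` separated by ";") are assumptions made for illustration.

```python
import re

# RFC 2616 token: CHARs except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# RFC 2616 quoted-string: DQUOTE *( qdtext / quoted-pair ) DQUOTE
QUOTED = r'"(?:[^"\\]|\\.)*"'
# One directive: name [ "=" ( token / quoted-string ) ], ended by ";" or end of input.
DIRECTIVE = re.compile(rf"\s*({TOKEN})\s*(?:=\s*({TOKEN}|{QUOTED}))?\s*(?:;|$)")


def unquote(value):
    """Quoted-string unescaping: drop the DQUOTEs and resolve quoted-pairs."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value  # a token is already the value


def parse_sts(header_value):
    """Base grammar only: return {name: unescaped value, or None if no value}."""
    header_value = header_value.strip()
    directives, pos = {}, 0
    while pos < len(header_value):
        m = DIRECTIVE.match(header_value, pos)
        if m is None:
            raise ValueError(f"malformed directive at offset {pos}")
        # Assumption: directive names are compared case-insensitively.
        name, raw = m.group(1).lower(), m.group(2)
        directives[name] = None if raw is None else unquote(raw)
        pos = m.end()
    return directives


def max_age(header_value):
    """Per-directive rule: max-age-v = delta-seconds = 1*DIGIT, after unescaping."""
    value = parse_sts(header_value).get("max-age")
    if value is None:
        raise ValueError("max-age is REQUIRED and needs a value")
    # ASCII digits only; \d and int() alone would also accept non-ASCII digits.
    if not re.fullmatch(r"[0-9]+", value):
        raise ValueError(f"max-age value is not delta-seconds: {value!r}")
    return int(value)


# Constructed sample header values: both syntax variants, plus a quoted-pair.
SAMPLES = ['max-age=31536000', 'max-age="31536000"; includeSubDomains', 'max-age="3153\\6000"']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r} -> {max_age(sample)}")
```

Because the ";" split happens in the base grammar, a value such as `"1;2"` is read as one quoted-string and then rejected by the max-age-v check, rather than being cut into two directives.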