Here's the promised concrete change proposal:
Section 6.1., paragraph 3:
OLD:
Strict-Transport-Security = "Strict-Transport-Security" ":"
*( ";" [ directive ] )
NEW:
Strict-Transport-Security = "Strict-Transport-Security" ":"
[ directive ] *( ";" [ directive ] )
(fixes the leading ";" problem)
Section 6.1., paragraph 12:
OLD:
Additional directives extending the semantic functionality of the STS
header field may be defined in other specifications (which "update"
this specification), using the STS directive extension point.
NEW:
Additional directives extending the semantic functionality of the STS
header field can be defined in other specifications (which "update"
this specification).
(the extension directive extension point was removed earlier on when the
ABNF was simplified)
Section 6.1.1., paragraph 2:
OLD:
The syntax of the max-age directive is defined as:
NEW:
The syntax of the max-age directive's value (after potential quoted-
string when applicable) is defined as:
Section 6.1.1., paragraph 3:
OLD:
max-age = "max-age" "=" delta-seconds
NEW:
max-age-value = delta-seconds
(We just define the parameter value ABNF)
Section 6.2., paragraph 0:
OLD:
The syntax of the includeSubDomains directive is defined as:
includeSubDomains = "includeSubDomains"
6.2. Examples
NEW:
(text removed, as the directive is value-less)
6.2. Examples
Section 6.2., paragraph 2:
OLD:
Strict-Transport-Security: max-age=31536000
NEW:
Strict-Transport-Security: max-age="31536000"
(changed one example to use q-s)
Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
