Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04

Fri, 06 Apr 2012 00:26:00 -0700 

On 2012-04-06 00:40, =JeffH wrote:

Thanks for the feedback, proposed edits, and hacked xml2rfc source.

 > So this
 >
 > - states that the given ABNF applies to the value after q-s processing
 > (when needed)
 > - changes the ABNF to specify only the *value*

Ok. so you suggested..

6.1.1. The max-age Directive

The REQUIRED max-age directive specifies the number of seconds, after
the reception of the STS header field, during which the UA regards
the host, from whom the message was received, as a Known HSTS Host
(see also Section 8.1.1 "Noting a HSTS Host", below).

The syntax of the max-age directive's value (after potential
applying quoted-string unescaping) is:

max-age-v = delta-seconds
delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2>

Note: A max-age value of zero signals the UA to cease regarding the
host as a Known HSTS Host.



..and I presently am polishing that to be..


6.1.1. The max-age Directive

The REQUIRED "max-age" directive specifies the number of seconds,
after the reception of the STS header field, during which the UA
regards the host, from whom the message was received, as a Known HSTS
Host (see also Section 8.1.1 "Noting a HSTS Host", below).

The max-age directive value has the following syntax
(after quoted-string unescaping, if necessary):

max-age-value = delta-seconds
delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2>

Note: A max-age value of zero signals the UA to cease regarding the
host as a Known HSTS Host.


Looks good to me.


I'm a little concerned that without an explicit syntax declaration such
as..

max-age = "max-age" "=" max-age-value

..we'll confuse some readers ("what do i actually put in the STS header
for this directive??"), but hopefully the examples in section 6.2, as
well as putting the directive name in quotes in the first paragraph,
will address this.
Noted. And yes, if we optimize for people not reading the spec "properly", the best way to address this is to add examples. 

Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec

Reply via email to