The following came up in my AD review of draft-ietf-websec-strict-transport-sec, and Jeff suggested that I needed to take it to the list. So here it is.
The ABNF in Section 6.1 has this:

    directive = token [ "=" ( token | quoted-string ) ]

Below that, bullet 3 says this:

    3. Directive names are case-insensitive.

And in Section 6.1.1:

    The syntax of the max-age directive's value (after quoted-string
    unescaping, if necessary) is defined as:

Nothing defines what a directive name or a directive's value is. You and I know they're what's on the left side of the equals sign and the right side, respectively. We can't assume, though, that people will figure out that the ABNF definition above turns into "name=value", and will thus know what those terms mean, completely unambiguously, for essentially all readers.

Making the grammar like this will fix it:

    directive = directive-name [ "=" directive-value ]
    directive-name = token
    directive-value = token | quoted-string

If there's a good reason not to make the ABNF change above, I'm happy to accept some other way of defining the terms, but I think they must be defined. I think doing it with the ABNF is the easiest and smoothest way.

Barry
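
Added example, not part of the original message or of the draft: a parser for one directive under the proposed grammar, returning the directive-name (case-folded) and the directive-value (after quoted-string unescaping). Assumptions: token and quoted-string follow the HTTP/1.1 definitions in RFC 2616 Section 2.2, optional whitespace is allowed around "=", and the sample inputs are constructed.

```python
import re

# Assumption: token / quoted-string as in HTTP/1.1 (RFC 2616, Section 2.2);
# the message itself does not define them.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# qdtext (no CTLs except HT, no '"' or '\') or a quoted-pair ('\' + CHAR).
QUOTED = r'"((?:[^"\\\x00-\x08\x0a-\x1f\x7f]|\\[\x00-\x7f])*)"'

# directive       = directive-name [ "=" directive-value ]
# directive-name  = token
# directive-value = token | quoted-string
DIRECTIVE = re.compile(rf'({TOKEN})(?:[ \t]*=[ \t]*(?:({TOKEN})|{QUOTED}))?')
UNESCAPE = re.compile(r"\\(.)", re.S)


def parse_directive(text):
    """Return (directive_name, directive_value) or raise ValueError.

    The name is lower-cased because directive names are case-insensitive.
    The value is None when the directive has no "=" part.
    """
    m = DIRECTIVE.fullmatch(text.strip(" \t"))
    if m is None:
        raise ValueError(f"not a valid directive: {text!r}")
    name, token_value, quoted_value = m.groups()
    if quoted_value is not None:
        # quoted-string form: drop the quotes, undo each quoted-pair
        value = UNESCAPE.sub(r"\1", quoted_value)
    else:
        value = token_value
    return name.lower(), value


# Constructed sample inputs, not taken from the message.
SAMPLES = ['max-age=31536000', 'MAX-AGE="31536000"', 'includeSubDomains',
           'max-age=', 'max age=1']

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            print(f"{s!r:24} -> {parse_directive(s)}")
        except ValueError as exc:
            print(f"{s!r:24} -> rejected ({exc})")
```

The token form and the quoted-string form of the same directive compare equal once name and value are separated this way, which is what lets later text refer to "the max-age directive's value" unambiguously.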
