Hi Barry, On 9 Jul 2012, at 21:30, Barry Leiba <[email protected]> wrote:
> The following came up in my AD review of > draft-ietf-websec-strict-transport-sec, and Jeff suggested that I > needed to take it to the list. So here it is. > > The ABNF in Section 6.1 has this: > > directive = token [ "=" ( token | quoted-string ) ] > > Below that, bullet 3 says this: > > 3. Directive names are case-insensitive. > > And in Section 6.1.1: > > The syntax of the max-age directive's value (after quoted-string > unescaping, if necessary) is defined as: > > Nothing defines what a directive name or a directive's value is. You > and I know they're what's on the left side of the equals sign and the > right side, respectively. We can't assume, though, that people will > figure out that the ABNF definition above turns into "name=value", and > will thus know what those terms mean, completely unambiguously, for > essentially all readers. > > Making the grammar like this will fix it: > > directive = directive-name [ "=" directive-value ] > directive-name = token > directive-value = token | quoted-string This looks reasonable to me. > > If there's a good reason not to make the ABNF change above, I'm happy > to accept some other way of defining the terms, but I think they must > be defined. I think doing it with the ABNF is the easiest and > smoothest way. _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
