Dear all,
I have some uncertainty about the definitions for the treatment of leading
zeros in port component of the URI, regarding Web Origin Concept RFC (RFC 6454).
RFC 3986 (URI) defines the port subcomponent as *DIGIT, permitting any
leading zeros.
(Trivia: interestingly, it rejects leading zeros in components of IPv4
addresses.)
Section 4 of RFC 6454 says the uri-port element of Web Origin triple is
"the port component of the URI".
Section 5 says that for two origins to be the same, the ports must be identical.
Section 6 (serialization) says that "a U+003A COLON code point (":")
and the given port,
in base ten" will be appended in the serialized string of origins.
So question is about the "type" of the port: is it a string or an integer?
I could not find a direct declaration for this. (searched for leading,
zero, integer etc.)
More specifically,
1) Are URIs http://www.example.com:8080/ and
http://www.example.com:08080/ same-origin?
2) Will the string "http://www.example.com:08080/"; be a valid output of the
algorithm in Sections 6.1 and 6.2 for some input URIs?
I want to have both "intended" answers and supporting definition rules, if any.
[My guess for intended answers are 1) yes, and 2) no.]
Background:
I'm writing a draft in HTTPAUTH WG, and considering definition of the canonical
string for scheme-host-port triple to be chabged in harmony with RFC 6454.
I need a function which translates "http://www.example.com:08080/";
into "http://www.example.com:8080";.
# The change "in harmony with RFC 6454" means to strip ":80" for http
and ":443" for https.
--
Yutaka OIWA, Ph.D. Leader, System Life-cycle Research Group
Research Institute for Secure Systems (RISEC)
National Institute of Advanced Industrial Science and Technology (AIST)
Mail addresses: <[email protected]>, <[email protected]>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5]
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
