Re: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard

"Roy T. Fielding" <fielding@gbiv.com> Fri, 02 September 2011 21:13 UTC

From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <CAHhFybpey5-e7KYkUb-tsBAb_+KSykvQ1w4vUuQL7xyguYXAcQ@mail.gmail.com>
Date: Fri, 02 Sep 2011 14:15:12 -0700
Message-Id: <24011A01-BF9D-4A63-A7DE-554399FDAB96@gbiv.com>
References: <20110823211953.14482.9265.idtracker@ietfa.amsl.com> <712C43CF-5F59-4F3D-B88F-11B3CEE52591@gbiv.com> <CAHhFybpey5-e7KYkUb-tsBAb_+KSykvQ1w4vUuQL7xyguYXAcQ@mail.gmail.com>
To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
Cc: websec <websec@ietf.org>, ietf@ietf.org
Subject: Re: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard

On Sep 2, 2011, at 1:19 PM, Frank Ellermann wrote:

> On 2 September 2011 21:38, Roy T. Fielding wrote:
> 
> [http-bis]
>>   OWS            = *( HTAB / SP / obs-fold )
>>                    ; "optional" whitespace
>>   obs-fold       = CRLF ( HTAB / SP )
>>                    ; obsolete line folding
> 
> Clearer.  JFTR, this is still "avoid *any* folding", and not
> "avoid more than one folding".

That is the intention.  There is no reason to fold in HTTP
outside of the message/http media type.

>  And if you like...
> 
>>   origin              = "Origin:" [ SP ] origin-list-or-null
> 
> ...I wonder why you don't demote HTAB generally to "obsolete"
> in OWS.

We already state that a single SP is preferred.

> Or why you don't propose *WSP instead of [SP] in the
> Origin header field.

Because a single SP is preferred.  This is a new header field.

> It would be odd if the overall HTTPbis
> rules and the specific Origin header field have different
> ideas about "optional white space" (modulo <obs-fold>, i.e.,
> eliminating <obs-fold> in a new header field Origin is fine).

The overall field parsing rules for HTTPbis are for recipients.
These things are parsed in general, and so it only matters that
the generative grammar for origin matches one of the choices
allowed by the parsing grammar in HTTPbis.

> One optional SP is not the same as zero or more ( HTAB / SP ).

It is if you only send the preferred format.  That said, I'd also
agree with Julian's suggestion that it is better to just define
the field-value in ABNF and leave the rest to HTTP.

....Roy
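The distinction Roy draws above, that HTTPbis field parsing rules are for recipients while the Origin ABNF only has to generate one of the shapes OWS admits, is easy to get wrong when you implement the Origin field from its own grammar alone. The following is an added example for this thread, not code from either draft or from any of the participants: a sender that emits the preferred single-SP form, a recipient parser that applies the quoted HTTPbis OWS / obs-fold rules, and, for contrast, a parser that implements only the literal "[ SP ]" of the Origin grammar. The regular expression used for a serialized origin (scheme "://" host [ ":" port ]) is an assumption sufficient for the example and is not the draft's full ABNF; the sample header lines are constructed.

```python
import re

# Grammar quoted in the thread (draft-ietf-httpbis, recipient side):
#   OWS      = *( HTAB / SP / obs-fold )
#   obs-fold = CRLF ( HTAB / SP )
# and the Origin field (draft-ietf-websec-origin-04, sender side):
#   origin   = "Origin:" [ SP ] origin-list-or-null
# origin-list-or-null is "null" or one or more serialized origins
# separated by a single SP. The serialized-origin regex below is an
# assumption for this example, not the draft's full ABNF.

FIELD_NAME = "Origin:"
_OBS_FOLD = re.compile(r"\r\n[ \t]")             # CRLF ( HTAB / SP )
_OWS_EDGE = re.compile(r"^[ \t]+|[ \t]+$")        # leading / trailing OWS
_SERIALIZED_ORIGIN = re.compile(
    r"^[A-Za-z][A-Za-z0-9+.-]*://[A-Za-z0-9.-]+(?::\d{1,5})?$")


class OriginParseError(ValueError):
    """Raised when a header line is not a well-formed Origin field."""


def _field_value(line):
    """Return the text after 'Origin:' (field name compared case-insensitively)."""
    if line[:len(FIELD_NAME)].lower() != FIELD_NAME.lower():
        raise OriginParseError("not an Origin header field")
    return line[len(FIELD_NAME):]


def _parse_list(value):
    """Parse origin-list-or-null: 'null' -> [], else SP-separated origins."""
    if value == "null":
        return []
    origins = value.split(" ")
    for o in origins:
        if not _SERIALIZED_ORIGIN.match(o):
            raise OriginParseError("bad serialized origin: %r" % o)
    return origins


def parse_origin_httpbis(line):
    """Recipient-side parser using the HTTPbis OWS rules.

    obs-fold is unfolded to a single SP and surrounding HTAB/SP is
    stripped before the field value is handed to the Origin grammar."""
    value = _field_value(line)
    value = _OBS_FOLD.sub(" ", value)
    value = _OWS_EDGE.sub("", value)
    return _parse_list(value)


def parse_origin_literal(line):
    """Parser that implements only the Origin ABNF: one optional SP.

    Kept here to show the gap the thread discusses: this rejects HTAB
    and obs-fold that an HTTPbis recipient would accept."""
    value = _field_value(line)
    if value.startswith(" "):
        value = value[1:]
    if "\t" in value or "\r\n" in value:
        raise OriginParseError("only a single optional SP is allowed here")
    return _parse_list(value)


def serialize_origin(origins):
    """Sender side: emit the preferred form, exactly one SP after the colon."""
    for o in origins:
        if not _SERIALIZED_ORIGIN.match(o):
            raise ValueError("not a serialized origin: %r" % o)
    return FIELD_NAME + " " + (" ".join(origins) if origins else "null")


if __name__ == "__main__":
    # Constructed sample: what a conforming sender emits ...
    sent = serialize_origin(["http://example.com", "https://example.com:8443"])
    print(repr(sent), parse_origin_httpbis(sent), parse_origin_literal(sent))
    # ... and a constructed legacy line using HTAB and obs-fold, which only
    # the HTTPbis-style recipient accepts.
    folded = "Origin:\thttp://example.com\r\n https://example.com:8443"
    print(parse_origin_httpbis(folded))
    try:
        parse_origin_literal(folded)
    except OriginParseError as e:
        print("literal parser rejected it:", e)
```

The sender's output parses under both grammars, which is all the Origin draft needs; the folded line shows why a recipient should not hand-roll "[ SP ]" from the Origin ABNF but should apply the generic HTTPbis field parsing first.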