IETF Logo Mail Archive

Re: [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux)

Adam Barth <ietf@adambarth.com> Sun, 15 January 2012 23:13 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A1F21F84EC for <websec@ietfa.amsl.com>; Sun, 15 Jan 2012 15:13:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[AWL=0.181, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HfoWSKZ8wod6 for <websec@ietfa.amsl.com>; Sun, 15 Jan 2012 15:13:03 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id CC2CE21F84EA for <websec@ietf.org>; Sun, 15 Jan 2012 15:13:03 -0800 (PST)
Received: by iaae16 with SMTP id e16so8247216iaa.31 for <websec@ietf.org>; Sun, 15 Jan 2012 15:13:03 -0800 (PST)
Received: by 10.50.207.72 with SMTP id lu8mr10478130igc.0.1326669183487; Sun, 15 Jan 2012 15:13:03 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by mx.google.com with ESMTPS id xu6sm29669272igb.7.2012.01.15.15.13.02 (version=SSLv3 cipher=OTHER); Sun, 15 Jan 2012 15:13:02 -0800 (PST)
Received: by iaae16 with SMTP id e16so8247185iaa.31 for <websec@ietf.org>; Sun, 15 Jan 2012 15:13:02 -0800 (PST)
Received: by 10.42.161.10 with SMTP id r10mr8488399icx.22.1326669182121; Sun, 15 Jan 2012 15:13:02 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.62.139 with HTTP; Sun, 15 Jan 2012 15:12:31 -0800 (PST)
In-Reply-To: <4F135B3C.5080508@gmx.de>
References: <4F10CB26.2000206@KingsMountain.com> <CAJE5ia9-_KcDcm1Ac51PQt0XOGXmXnQjabMnDd1QihU_MGkBZA@mail.gmail.com> <4F134EF6.5050208@gmx.de> <CAJE5ia8gZt6=+ObF9C=wuJ17BLA6ZD9N=3DuEoL9iohsKPsZeg@mail.gmail.com> <4F1352EF.60508@gmx.de> <CAJE5ia-vYV7FmTotEpxnSVBNry1XPqpjPxXs=hbNtNyDQZM31g@mail.gmail.com> <4F135B3C.5080508@gmx.de>
From: Adam Barth <ietf@adambarth.com>
Date: Sun, 15 Jan 2012 15:12:31 -0800
Message-ID: <CAJE5ia-Q3h--c4GoxQQB3h_e1Sdj7f183yhXQ6=CwYjmsfm7hQ@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2012 23:13:04 -0000

On Sun, Jan 15, 2012 at 3:03 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2012-01-15 23:55, Adam Barth wrote:
>> On Sun, Jan 15, 2012 at 2:27 PM, Julian Reschke<julian.reschke@gmx.de>
>>  wrote:
>>> On 2012-01-15 23:24, Adam Barth wrote:
>>>> On Sun, Jan 15, 2012 at 2:11 PM, Julian Reschke<julian.reschke@gmx.de>
>>>>  wrote:
>>>>> On 2012-01-15 22:53, Adam Barth wrote:
>>>>>> ...
>>>>>>
>>>>>> It's definitely messy.
>>>>>>
>>>>>> I don't think it matters much what we write in this document.  Even if
>>>>>> we spec quoted-string, I doubt many folks will implement it.  However,
>>>>>> we can deal with that problem when it comes time to add extension
>>>>>> values that actually used quoted-string.
>>>>>> ...
\>>>>>
>>>>> Apologies for the direct question: just 14 days ago you stated that you
>>>>> did
>>>>> not implement q-s in Chrome, and that you don't intend to:
>>>>>
>>>>> AB>    Chrome does not (and will not) implement quoted-string for the
>>>>> STS
>>>>> AB>    header for the reasons I've explained previously.  You're
>>>>> welcome to
>>>>> AB>    file bugs, but I'm just going to close them WONTFIX.
>>>>>
>>>>> That's somewhat different from what you say now.
>>>>>
>>>>> Is "the extensions do not exist yet" the excuse for not implementing
>>>>> what
>>>>> the spec says? Will you be around for fixing Chrome when the first bug
>>>>> reports because of broken extensions come in?
>>>>
>>>>
>>>> I don't plan to implement quoted-string in Chrome.  I'm saying that
>>>> I'm not going to object to writing quoted-string into the spec.  I
>>>> still think it's a bad idea, but I'm dropping my objection to it.
>>>
>>>
>>> So when the bug reports come in, *somebody else* is going to fix Chrome?
>>>
>>> I really want to know.
>>
>>
>> I doubt it will be high on anyone's priority list.  If you'd like to
>> implement it, you're welcome to submit a patch.  (Of course, I can't
>> promise that the patch will be accepted.)
>> ...
>
>
> 14 days ago you said:
>
>> Chrome does not (and will not) implement quoted-string for the STS
>> header for the reasons I've explained previously.  You're welcome to
>> file bugs, but I'm just going to close them WONTFIX.
>
> Has this changed? Will patches be closed as WONTFIX no matter how good they
> are?

I'll state my opinion about the patch, which hasn't changed.  However,
it's an open source project.  You're welcome to submit whatever
patches you like.  They'll get reviewed and discussed, just like any
other patches.

> It *really* would be helpful if you would clearly state your position. And
> also clarify on whose behalf you are speaking here.

Am I not being clear?  I'm not going to implemented quoted-string, and
I doubt that many other folks will either.  I'm no longer objecting to
including quoted-string in the spec (although I believe including it
is the wrong decision).

As is customary at the IETF, I speak for myself.

Adam

v2.23.0 | Report a Bug | By Email