Re: [websec] draft-ietf-websec-strict-transport-sec issue: "directive name" and "directive value"

Alexey Melnikov <alexey.melnikov@isode.com> Mon, 09 July 2012 21:03 UTC


Hi Barry,

On 9 Jul 2012, at 21:30, Barry Leiba <barryleiba@computer.org> wrote:

> The following came up in my AD review of
> draft-ietf-websec-strict-transport-sec, and Jeff suggested that I
> needed to take it to the list.  So here it is.
> 
> The ABNF in Section 6.1 has this:
> 
>   directive = token [ "=" ( token | quoted-string ) ]
> 
> Below that, bullet 3 says this:
> 
>   3.  Directive names are case-insensitive.
> 
> And in Section 6.1.1:
> 
>   The syntax of the max-age directive's value (after quoted-string
>   unescaping, if necessary) is defined as:
> 
> Nothing defines what a directive name or a directive's value is.  You
> and I know they're what's on the left side of the equals sign and the
> right side, respectively.  We can't assume, though, that people will
> figure out that the ABNF definition above turns into "name=value", and
> will thus know what those terms mean, completely unambiguously, for
> essentially all readers.
> 
> Making the grammar like this will fix it:
> 
>   directive = directive-name [ "=" directive-value ]
>   directive-name = token
>   directive-value = token | quoted-string

This looks reasonable to me.

> 
> If there's a good reason not to make the ABNF change above, I'm happy
> to accept some other way of defining the terms, but I think they must
> be defined.  I think doing it with the ABNF is the easiest and
> smoothest way.
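
The split proposed in this thread maps directly onto parser output. The following is an added example, not code from the thread or the draft: it parses a header value into directive-name / directive-value pairs, compares names case-insensitively, and checks max-age only after quoted-string unescaping. Assumptions: `token` and `quoted-string` use the HTTP/1.1 definitions, directives are separated by ";", repeated directives are rejected, and the names `parse_directives` and `max_age` are hypothetical.

```python
import re

# token and quoted-string follow the HTTP/1.1 definitions; the ";" separator
# between directives is also an assumption (the thread quotes only one rule).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# [ directive-name [ "=" directive-value ] ] followed by ";" or end of input
ITEM = re.compile(
    rf"\s*(?:(?P<name>{TOKEN})\s*(?:=\s*(?P<value>{TOKEN}|{QUOTED}))?)?\s*(?:;|\Z)"
)


def parse_directives(header_value):
    """Return {lowercased directive-name: directive-value or None}."""
    result, pos = {}, 0
    while pos < len(header_value):
        m = ITEM.match(header_value, pos)
        if m is None:
            raise ValueError(f"malformed directive at offset {pos}")
        pos = m.end()
        if m.group("name") is None:
            continue  # empty slot between separators
        name = m.group("name").lower()  # directive names are case-insensitive
        if name in result:
            # assumption: refuse repeats instead of silently picking one
            raise ValueError(f"repeated directive: {name}")
        value = m.group("value")
        if value is not None and value.startswith('"'):
            # quoted-string unescaping: drop the quotes, then each backslash
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        result[name] = value
    return result


def max_age(header_value):
    """Return max-age as an int, validated after quoted-string unescaping."""
    value = parse_directives(header_value).get("max-age")
    if value is None or not re.fullmatch(r"[0-9]+", value):
        raise ValueError("missing or invalid max-age")
    return int(value)


# Constructed sample header values, not taken from the thread.
SAMPLES = ['MAX-AGE=31536000; includeSubDomains', 'max-age="3\\1536000"']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_directives(sample), max_age(sample))
```

A directive with no "=" yields a value of `None`, which keeps a valueless directive distinguishable from one whose value is an empty quoted-string.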