IETF Logo Mail Archive

Re: [websec] Strict-Transport-Security syntax redux

Adam Barth <ietf@adambarth.com> Thu, 29 December 2011 21:19 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3040D21F8B8D for <websec@ietfa.amsl.com>; Thu, 29 Dec 2011 13:19:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XmJ+ToowmK5R for <websec@ietfa.amsl.com>; Thu, 29 Dec 2011 13:19:03 -0800 (PST)
Received: from mail-tul01m020-f172.google.com (mail-tul01m020-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 8C77121F8B87 for <websec@ietf.org>; Thu, 29 Dec 2011 13:19:03 -0800 (PST)
Received: by obcuz6 with SMTP id uz6so11107990obc.31 for <websec@ietf.org>; Thu, 29 Dec 2011 13:19:03 -0800 (PST)
Received: by 10.50.88.170 with SMTP id bh10mr42865583igb.8.1325193543110; Thu, 29 Dec 2011 13:19:03 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by mx.google.com with ESMTPS id l28sm119040450ibc.3.2011.12.29.13.19.01 (version=SSLv3 cipher=OTHER); Thu, 29 Dec 2011 13:19:01 -0800 (PST)
Received: by iabz21 with SMTP id z21so2352682iab.31 for <websec@ietf.org>; Thu, 29 Dec 2011 13:19:01 -0800 (PST)
Received: by 10.42.148.1 with SMTP id p1mr827749icv.27.1325193541120; Thu, 29 Dec 2011 13:19:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.62.139 with HTTP; Thu, 29 Dec 2011 13:18:31 -0800 (PST)
In-Reply-To: <4EFCD7E4.5060507@gmx.de>
References: <4EAB66B3.4090404@KingsMountain.com> <4EABB25E.9000900@gmx.de> <4EFC5F7B.7050304@gmx.de> <CAJE5ia_HhenArVey=5-ttLqh4-vbBE01TFZKuzAmAtHQJQJ3kQ@mail.gmail.com> <4EFCD7E4.5060507@gmx.de>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 29 Dec 2011 13:18:31 -0800
Message-ID: <CAJE5ia-w47HHhnTBAE_PMApAAdCu=6PJexaaoJO0MZ23Ae-vcw@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] Strict-Transport-Security syntax redux
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2011 21:19:04 -0000

On Thu, Dec 29, 2011 at 1:13 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2011-12-29 20:50, Adam Barth wrote:
>> ..-
>
>> As I wrote before, I don't think we should include quoted-string in
>> the grammar.  As far as I know, no one has implemented it and I have
>> no plans to implement quoted-string in Chrome.  Having quoted-string
>> in the grammar only leads to pain.,
>
> It would be helpful if you were more precise on the pain it causes,
> considering you need to process extension directives anyway...

We've been over this several times before.  The problem is the
requirement to balance DQUOTE and the complexities surrounding the
error conditions if the DQUOTEs don't balance properly (including
escaping).

Adam

v2.23.0 | Report a Bug | By Email