Re: [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux)
Julian Reschke <julian.reschke@gmx.de> Sun, 15 January 2012 23:03 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF56321F8480 for <websec@ietfa.amsl.com>; Sun, 15 Jan 2012 15:03:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.492
X-Spam-Level:
X-Spam-Status: No, score=-103.492 tagged_above=-999 required=5 tests=[AWL=-0.893, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tvh9PzbypF95 for <websec@ietfa.amsl.com>; Sun, 15 Jan 2012 15:03:35 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id EF83621F84D7 for <websec@ietf.org>; Sun, 15 Jan 2012 15:03:30 -0800 (PST)
Received: (qmail invoked by alias); 15 Jan 2012 23:03:27 -0000
Received: from p5DCC2944.dip.t-dialin.net (EHLO [192.168.178.36]) [93.204.41.68] by mail.gmx.net (mp059) with SMTP; 16 Jan 2012 00:03:27 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX194OF4sau941KuFpLlliq18JptRxFPPdQO+danhOI KJzz/+0UMVKi5D
Message-ID: <4F135B3C.5080508@gmx.de>
Date: Mon, 16 Jan 2012 00:03:24 +0100
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <4F10CB26.2000206@KingsMountain.com> <CAJE5ia9-_KcDcm1Ac51PQt0XOGXmXnQjabMnDd1QihU_MGkBZA@mail.gmail.com> <4F134EF6.5050208@gmx.de> <CAJE5ia8gZt6=+ObF9C=wuJ17BLA6ZD9N=3DuEoL9iohsKPsZeg@mail.gmail.com> <4F1352EF.60508@gmx.de> <CAJE5ia-vYV7FmTotEpxnSVBNry1XPqpjPxXs=hbNtNyDQZM31g@mail.gmail.com>
In-Reply-To: <CAJE5ia-vYV7FmTotEpxnSVBNry1XPqpjPxXs=hbNtNyDQZM31g@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2012 23:03:36 -0000
On 2012-01-15 23:55, Adam Barth wrote: > On Sun, Jan 15, 2012 at 2:27 PM, Julian Reschke<julian.reschke@gmx.de> wrote: >> On 2012-01-15 23:24, Adam Barth wrote: >>> >>> On Sun, Jan 15, 2012 at 2:11 PM, Julian Reschke<julian.reschke@gmx.de> >>> wrote: >>>> >>>> On 2012-01-15 22:53, Adam Barth wrote: >>>>> >>>>> ... >>>>> >>>>> It's definitely messy. >>>>> >>>>> I don't think it matters much what we write in this document. Even if >>>>> we spec quoted-string, I doubt many folks will implement it. However, >>>>> we can deal with that problem when it comes time to add extension >>>>> values that actually used quoted-string. >>>>> ... >>>> >>>> >>>> Apologies for the direct question: just 14 days ago you stated that you >>>> did >>>> not implement q-s in Chrome, and that you don't intend to: >>>> >>>> AB> Chrome does not (and will not) implement quoted-string for the STS >>>> AB> header for the reasons I've explained previously. You're welcome to >>>> AB> file bugs, but I'm just going to close them WONTFIX. >>>> >>>> That's somewhat different from what you say now. >>>> >>>> Is "the extensions do not exist yet" the excuse for not implementing what >>>> the spec says? Will you be around for fixing Chrome when the first bug >>>> reports because of broken extensions come in? >>> >>> I don't plan to implement quoted-string in Chrome. I'm saying that >>> I'm not going to object to writing quoted-string into the spec. I >>> still think it's a bad idea, but I'm dropping my objection to it. >> >> So when the bug reports come in, *somebody else* is going to fix Chrome? >> >> I really want to know. > > I doubt it will be high on anyone's priority list. If you'd like to > implement it, you're welcome to submit a patch. (Of course, I can't > promise that the patch will be accepted.) > ... 14 days ago you said: > Chrome does not (and will not) implement quoted-string for the STS > header for the reasons I've explained previously. You're welcome to > file bugs, but I'm just going to close them WONTFIX. Has this changed? Will patches be closed as WONTFIX no matter how good they are? It *really* would be helpful if you would clearly state your position. And also clarify on whose behalf you are speaking here. Best regards, Julian
- [websec] of quoted-string header field param valu… =JeffH
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Adam Barth
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Adam Barth
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Adam Barth
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Adam Barth
- Re: [websec] of quoted-string header field param … =JeffH
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Manger, James H
- Re: [websec] of quoted-string header field param … Julian Reschke
- Re: [websec] of quoted-string header field param … Julian Reschke