Re: [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux)

Julian Reschke <julian.reschke@gmx.de> Sun, 15 January 2012 23:03 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF56321F8480 for <websec@ietfa.amsl.com>; Sun, 15 Jan 2012 15:03:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.492
X-Spam-Level:
X-Spam-Status: No, score=-103.492 tagged_above=-999 required=5 tests=[AWL=-0.893, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tvh9PzbypF95 for <websec@ietfa.amsl.com>; Sun, 15 Jan 2012 15:03:35 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id EF83621F84D7 for <websec@ietf.org>; Sun, 15 Jan 2012 15:03:30 -0800 (PST)
Received: (qmail invoked by alias); 15 Jan 2012 23:03:27 -0000
Received: from p5DCC2944.dip.t-dialin.net (EHLO [192.168.178.36]) [93.204.41.68] by mail.gmx.net (mp059) with SMTP; 16 Jan 2012 00:03:27 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX194OF4sau941KuFpLlliq18JptRxFPPdQO+danhOI KJzz/+0UMVKi5D
Message-ID: <4F135B3C.5080508@gmx.de>
Date: Mon, 16 Jan 2012 00:03:24 +0100
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <4F10CB26.2000206@KingsMountain.com> <CAJE5ia9-_KcDcm1Ac51PQt0XOGXmXnQjabMnDd1QihU_MGkBZA@mail.gmail.com> <4F134EF6.5050208@gmx.de> <CAJE5ia8gZt6=+ObF9C=wuJ17BLA6ZD9N=3DuEoL9iohsKPsZeg@mail.gmail.com> <4F1352EF.60508@gmx.de> <CAJE5ia-vYV7FmTotEpxnSVBNry1XPqpjPxXs=hbNtNyDQZM31g@mail.gmail.com>
In-Reply-To: <CAJE5ia-vYV7FmTotEpxnSVBNry1XPqpjPxXs=hbNtNyDQZM31g@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2012 23:03:36 -0000

On 2012-01-15 23:55, Adam Barth wrote:
> On Sun, Jan 15, 2012 at 2:27 PM, Julian Reschke<julian.reschke@gmx.de>  wrote:
>> On 2012-01-15 23:24, Adam Barth wrote:
>>>
>>> On Sun, Jan 15, 2012 at 2:11 PM, Julian Reschke<julian.reschke@gmx.de>
>>>   wrote:
>>>>
>>>> On 2012-01-15 22:53, Adam Barth wrote:
>>>>>
>>>>> ...
>>>>>
>>>>> It's definitely messy.
>>>>>
>>>>> I don't think it matters much what we write in this document.  Even if
>>>>> we spec quoted-string, I doubt many folks will implement it.  However,
>>>>> we can deal with that problem when it comes time to add extension
>>>>> values that actually used quoted-string.
>>>>> ...
>>>>
>>>>
>>>> Apologies for the direct question: just 14 days ago you stated that you
>>>> did
>>>> not implement q-s in Chrome, and that you don't intend to:
>>>>
>>>> AB>    Chrome does not (and will not) implement quoted-string for the STS
>>>> AB>    header for the reasons I've explained previously.  You're welcome to
>>>> AB>    file bugs, but I'm just going to close them WONTFIX.
>>>>
>>>> That's somewhat different from what you say now.
>>>>
>>>> Is "the extensions do not exist yet" the excuse for not implementing what
>>>> the spec says? Will you be around for fixing Chrome when the first bug
>>>> reports because of broken extensions come in?
>>>
>>> I don't plan to implement quoted-string in Chrome.  I'm saying that
>>> I'm not going to object to writing quoted-string into the spec.  I
>>> still think it's a bad idea, but I'm dropping my objection to it.
>>
>> So when the bug reports come in, *somebody else* is going to fix Chrome?
>>
>> I really want to know.
>
> I doubt it will be high on anyone's priority list.  If you'd like to
> implement it, you're welcome to submit a patch.  (Of course, I can't
> promise that the patch will be accepted.)
> ...

14 days ago you said:

 > Chrome does not (and will not) implement quoted-string for the STS
 > header for the reasons I've explained previously.  You're welcome to
 > file bugs, but I'm just going to close them WONTFIX.

Has this changed? Will patches be closed as WONTFIX no matter how good 
they are?

It *really* would be helpful if you would clearly state your position. 
And also clarify on whose behalf you are speaking here.

Best regards, Julian