Re: [websec] Strict-Transport-Security syntax redux

Bjoern Hoehrmann <derhoermi@gmx.net> Mon, 09 January 2012 00:10 UTC

Return-Path: <derhoermi@gmx.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0325021F8536 for <websec@ietfa.amsl.com>; Sun, 8 Jan 2012 16:10:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level:
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[AWL=0.353, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4oCOs+xx6EY0 for <websec@ietfa.amsl.com>; Sun, 8 Jan 2012 16:10:36 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id CA63821F8534 for <websec@ietf.org>; Sun, 8 Jan 2012 16:10:35 -0800 (PST)
Received: (qmail invoked by alias); 09 Jan 2012 00:10:15 -0000
Received: from dslb-094-223-221-170.pools.arcor-ip.net (EHLO HIVE) [94.223.221.170] by mail.gmx.net (mp062) with SMTP; 09 Jan 2012 01:10:15 +0100
X-Authenticated: #723575
X-Provags-ID: V01U2FsdGVkX18PVw0MsgQPJ97LDfGt6nhU845KboDOVVasIT0WyM 6j0uOfKRHw2tD6
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Date: Mon, 09 Jan 2012 01:10:16 +0100
Message-ID: <aoakg7l45gfcrj731u6k652hjofhv12ocl@hive.bjoern.hoehrmann.de>
References: <CAJE5ia-E1nhN1YGV6uy3uEq4oboQowDm4FboKbWV1kunHQmXPw@mail.gmail.com> <4EFCDDD5.6040005@gmx.de> <CAJE5ia8CL9ozRJgRNCdu6XwVT0paVuVUreB12f-BiMvH+wiq6A@mail.gmail.com> <4EFD73E6.1060506@gmx.de> <CAJE5ia8RBa8iCd_9TjXyzG54VASa6qqGomsO9gL-qQ2ia=BKLg@mail.gmail.com> <4EFD7C09.9050702@gmx.de> <CAJE5ia8aN_MKUX_7ehp6siw=CY7nC4aSRPoPcsaDX8+emwaFVw@mail.gmail.com> <4EFD8BCE.7010909@gmx.de> <CAJE5ia9cziSx-xb6nCEFXJkbu2Ls_ZQmYHpfrC7UK3ig3ZmM2g@mail.gmail.com> <4F052D2E.5050200@gondrom.org>
In-Reply-To: <4F052D2E.5050200@gondrom.org>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Cc: websec@ietf.org
Subject: Re: [websec] Strict-Transport-Security syntax redux
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2012 00:10:37 -0000

* Tobias Gondrom wrote:
><hat="chair>
>as it seems there is disagreement on how to resolve this, with only very 
>few people having spoken out so far, I would like to invite comments 
>from other working group members on this topic to see whether we might 
>have missed something.

It seems to me that all headers defined in RFC 2616 that allow para-
meteter lists of the `;name=value` form allow the value to be a quoted
string. If the Working Group wishes to disallow quoted strings, then
it should use a format that's very different from the existing syntax,
like `name=value&name=other%20value` or JSON or whatever. "Similar but
slightly different" always translate into bugs.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/