Re: [websec] [apps-discuss] ABNF references (was RE: AppsDir review of draft-ietf-websec-strict-transport-sec)

"Roy T. Fielding" <> Wed, 02 May 2012 19:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 75DE021E80BD; Wed, 2 May 2012 12:32:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -106.009
X-Spam-Status: No, score=-106.009 tagged_above=-999 required=5 tests=[AWL=-3.410, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IJd4y3uoxPKq; Wed, 2 May 2012 12:32:40 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B6D6421E8056; Wed, 2 May 2012 12:32:40 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 1A1662AC07A; Wed, 2 May 2012 12:32:39 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to; q=dns;; b=xgrHMQnursLACXgB tVS+x63EGzggrYWDpwgHeQgnifClaM4g3WRz52lNJ604vPSwmyBc58qrRM/+U+RT 9KV6YD9zNvd2QFTDwT9wAfQ6BKMfWGx6N4pFLjvzhpaeshOoxlwrE8yZFkbY0Uzu VFjXbvA9i7EgeFDRO8I/OId11ko=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=subject :mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to;; bh=SDGvZ0OzO3ZRMborggBvoT64Kvs=; b=g8Rk5yVTB0zF6hGd56uw76UlTD6Q U9zYlDO3Psc4XSpQ5C0bkqg8DKWheErP8GoAoNScO+x8a5FQechdYdMsK0SNYZFf 7Rl1iWUbB1sUxs8TrWlJDFud9WYLI3EBFIpIKLnRyhLOrRysoAdiw5Y5tLqHLT0w ++5j6opLbmxoeSw=
Received: from [] ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 7EB8D2AC0A9; Wed, 2 May 2012 12:32:04 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset="us-ascii"
From: "Roy T. Fielding" <>
In-Reply-To: <>
Date: Wed, 02 May 2012 12:32:03 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <>
To: "Murray S. Kucherawy" <>
X-Mailer: Apple Mail (2.1257)
Cc: Julian Reschke <>, IETF WebSec WG <>, IETF Apps Discuss <>
Subject: Re: [websec] [apps-discuss] ABNF references (was RE: AppsDir review of draft-ietf-websec-strict-transport-sec)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 May 2012 19:32:41 -0000

On May 2, 2012, at 10:48 AM, Murray S. Kucherawy wrote:
> 2) There's a common axiom that says it's safer to refer to a definition rather than to copy it.

I think we should recognize that as a false axiom and move on.

We should refer to orthogonal definitions that are subject to
independent change control -- e.g., protocol elements that are
defined in another spec because they change at a different
rate than the referring spec or are used by multiple specs.

We should copy a definition by value if the referring spec
depends on the definition (does not allow the parser to change
even if some other spec were to define it and later extend it).

My preference is to not use prose definitions at all -- I used
them as a crutch when I first started writing IETF specs in 1994,
and they burned me every time.

And if we go down the slippery slope, I would love to have a
formal definition of set reduction, as in


since I very commonly need rules that only differ by one or two
characters being removed from the allowed set.