W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2007

Re: Semantic meaning of double quotation marks delimiting quoted-string

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 12 Nov 2007 16:52:44 +1100
Message-Id: <002A73F9-C4CA-4142-98EA-163D7D410622@mnot.net>
Cc: Henrik Nordstrom <henrik@henriknordstrom.net>, Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
To: Geoffrey Sneddon <foolistbar@googlemail.com>

I think that the right way to do this is find the situations where  
comparison functions aren't well-defined, and tighten those up.

ETag doesn't seem like it needs this (while the definition of the  
comparison function is a bit informal, there's not much wiggle room  
for getting it wrong, as Julian points out). Digest seems like it  
might; where else?


On 30/10/2007, at 5:37 AM, Geoffrey Sneddon wrote:
> On 29 Oct 2007, at 02:06, Henrik Nordstrom wrote:
>> To compare two quoted-string elements you need to dequote them  
>> including
>> removing escapes, but in practice it doesn't matter much as people  
>> are
>> not usually escaping things within quoted-string unless needed (but
>> sometimes forget when needed, partly due to poor specifications,  
>> already
>> fixed).
>> This is quite notable in for example Digest authentication where  
>> proper
>> handling of quoted-string is required for the hashes to compute  
>> properly
>> as they are based on the value as such and not the quoted-string
>> representation. (i.e a login name with " or \ in it..)
>> It's in theory also needed for ETag processing, but it's less  
>> noticeable
>> as impacts on the protocol of getting this wrong is pretty minimal.
> Can we put something like the above quotation into the spec, so it  
> is actually spelt out somewhere (as it currently isn't, at all)?
> All the best,
> Geoffrey Sneddon.

Mark Nottingham     http://www.mnot.net/
Received on Monday, 12 November 2007 05:56:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:43 UTC