Brian Smith wrote:

> "\d" and "d" mean the same thing according to the definition
> of quoted-string in RFC 2616, AFAICT. We are supposed to
> unescape quoted-strings before processing them, right?

That is a dark corner in the spec. RFC 2617 specifies unq(X) as "the value of the quoted-string X without the surrounding quotes". RFC 2831 adopted this algorithm in its <qdstr-val>. I-D 2831bis was about to change it, but the SASL folks later decided to give up on updating RFC 2831 as a hopeless case - an unfixed erratum in RFC 2617 rendered "md5-sess" in RFC 2831 and RFC 2617 as incompatible, among other Digest-MD5 issues.

Whatever you do - please be very clear about it, add MUSTard, a note in the 2616bis security considerations, and recommend "future work" for a 2617bis based on 2616bis.

Frank

Received on Wednesday, 30 April 2008 00:24:53 GMT
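Added example, not part of the original message: a Python sketch of the two readings discussed above, showing that a client and server which disagree on whether unq(X) removes backslash escapes compute different H(A1) values for the same Digest header. The function names, realm, and password are hypothetical and constructed for illustration; H(A1) is computed as MD5(username ":" realm ":" password), the default algorithm in RFC 2617.

```python
import hashlib
import re

# quoted-string per RFC 2616 section 2.2: DQUOTE *( qdtext | quoted-pair ) DQUOTE,
# where quoted-pair = "\" CHAR. Simplified here to single-line ASCII input.
_QUOTED_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"', re.DOTALL)

def _body(quoted):
    m = _QUOTED_STRING.fullmatch(quoted)
    if m is None:
        raise ValueError("not a well-formed quoted-string: %r" % quoted)
    return m.group(1)

def unq_literal(quoted):
    """RFC 2617 wording: the value 'without the surrounding quotes'."""
    return _body(quoted)

def unq_unescaped(quoted):
    """RFC 2616 quoted-pair reading: a backslash quotes the next character."""
    return re.sub(r"\\(.)", r"\1", _body(quoted), flags=re.DOTALL)

def ha1(username, realm, password):
    """H(A1) for the default MD5 algorithm."""
    a1 = "%s:%s:%s" % (username, realm, password)
    return hashlib.md5(a1.encode("latin-1")).hexdigest()

def compare(quoted_username, realm, password):
    """Return (literal, unescaped, digests_match) for one username parameter."""
    lit, unesc = unq_literal(quoted_username), unq_unescaped(quoted_username)
    return lit, unesc, ha1(lit, realm, password) == ha1(unesc, realm, password)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for q in ['"david"', r'"\david"', r'"a\"b"', r'"dom\\user"']:
        print(q, compare(q, "example realm", "constructed-password"))
```

Only values containing a backslash diverge, which is why the mismatch tends to surface as an authentication failure for a few accounts rather than as a general interoperability break.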