W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: I-D ACTION:draft-nottingham-http-link-header-01.txt

From: Frank Ellermann <nobody@xyzzy.claranet.de>
Date: Wed, 30 Apr 2008 02:26:46 +0200
To: ietf-http-wg@w3.org
Message-ID: <fv8e74$q11$1@ger.gmane.org>

Brian Smith wrote:

> "\d" and "d" mean the same thing according to the definition
> of quoted-string in RFC 2616, AFAICT. We are supposed to
> unescape quoted-strings before processing them, right?

That is a dark corner in the spec.  RFC 2617 specifies unq(X)
as "the value of the quoted-string X without the surrounding
quotes".  RFC 2831 adopted this algorithm in its <qdstr-val>.

I-D 2831bis was about to change it, but the SASL folks later
decided to give up on updating RFC 2831 as hopeless case - an
unfixed erratum in RFC 2617 rendered "md5-sess" in RFC 2831
and RFC 2617 as incompatible, among other Digest-MD5 issues.  

Whatever you do - please be very clear about it, add MUSTard,
a note in the 2616bis security considerations, and recommend
"future work" for a 2617bis based on 2616bis.

Received on Wednesday, 30 April 2008 00:24:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:45 UTC