W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

RE: WGLC issue: token68 in p7

From: Manger, James H <James.H.Manger@team.telstra.com>
Date: Wed, 20 Mar 2013 11:46:35 +1100
To: Bjoern Hoehrmann <derhoermi@gmx.net>, Julian Reschke <julian.reschke@gmx.de>
CC: Ken Murchison <murch@andrew.cmu.edu>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <255B9BB34FB7D647A506DC292726F6E1150BB43CCB@WSMSG3153V.srv.dir.telstra.com>
Björn,

'=' is only allowed at the end to ensure the syntax is unambiguous.
A token68 value can only be distinguished from an auth-param
(token = (token / quoted-string)) due to this restriction.

Let's keep token68 as it is.

--
James Manger

> -----Original Message-----
> From: Bjoern Hoehrmann [mailto:derhoermi@gmx.net]
> Sent: Wednesday, 20 March 2013 11:37 AM
> To: Julian Reschke
> Cc: Ken Murchison; ietf-http-wg@w3.org
> Subject: Re: WGLC issue: token68 in p7
> 
> * Julian Reschke wrote:
> >On 2013-03-19 14:59, Ken Murchison wrote:
> >> Since the ABNF for token68 appears to only use "=" as padding for
> >> base64 and base32 encoding, I would suggest changing
> >>
> >> *"="
> >>
> >> to
> >>
> >> *6"="
> >>
> >> since base64 requires no more than 2 padding chars and base32
> >> requires no more than 6.
> >> ...
> >
> >We probably could. On the other hand, I'd like to avoid the impression
> >that parsing per ABNF is sufficient to check validity of arguments;
> >therefore, I'm reluctant to put even more information into the ABNF.
> 
> Since the exact number depends on the scheme, I see no reason to define
> any maximum here, especially because they would have other constraints.
> That said, right below the definition of token68 it would be useful to
> have a reference to "Considerations for New Authentication Schemes" as
> that explains why token68 exists (and I would probably allow the `=`
> character anywhere in token68 instead of just the end if that is only
> due to baseX constraints, precisely to avoid the impression that it is
> baseX-specific rather than scheme-specific).
> --
> Björn Höhrmann · mailto:bjoern@hoehrmann.de ·
> http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681
> · http://www.bjoernsworld.de

> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/


Received on Wednesday, 20 March 2013 00:47:11 GMT

This archive was generated by hypermail 2.3.1 : Wednesday, 20 March 2013 00:47:13 GMT