- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 12 Nov 2007 16:52:44 +1100
- To: Geoffrey Sneddon <foolistbar@googlemail.com>
- Cc: Henrik Nordstrom <henrik@henriknordstrom.net>, Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
I think that the right way to do this is find the situations where comparison functions aren't well-defined, and tighten those up. ETag doesn't seem like it needs this (while the definition of the comparison function is a bit informal, there's not much wiggle room for getting it wrong, as Julian points out). Digest seems like it might; where else? Cheers, On 30/10/2007, at 5:37 AM, Geoffrey Sneddon wrote: > On 29 Oct 2007, at 02:06, Henrik Nordstrom wrote: > >> To compare two quoted-string elements you need to dequote them >> including >> removing escapes, but in practice it doesn't matter much as people >> are >> not usually escaping things within quoted-string unless needed (but >> sometimes forget when needed, partly due to poor specifications, >> already >> fixed). >> >> This is quite notable in for example Digest authentication where >> proper >> handling of quoted-string is required for the hashes to compute >> properly >> as they are based on the value as such and not the quoted-string >> representation. (i.e a login name with " or \ in it..) >> >> It's in theory also needed for ETag processing, but it's less >> noticeable >> as impacts on the protocol of getting this wrong is pretty minimal. > > Can we put something like the above quotation into the spec, so it > is actually spelt out somewhere (as it currently isn't, at all)? > > All the best, > > Geoffrey Sneddon. > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 12 November 2007 05:56:27 UTC