- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 28 Oct 2022 18:24:30 +0200
- To: ietf-http-wg@w3.org
On 27.09.2022 01:01, Mark Nottingham wrote:
> ...
<https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-13.html#section-2.1>
says:
> Unless overridden by additional parameters and rules, the HTTP field
value MUST be canonicalized as a single combined value as defined in
Section 5.2 of [HTTP].
...but later on it specifies...:
> Concatenate the list of values together with a single comma (",") and
a single space (" ") between each item.
...which is inconsistent with Section 5.2's definition of "combined value":
> When a field name is repeated within a section, its combined field
value consists of the list of corresponding field line values within
that section, concatenated in order, with each field line value
separated by a comma.
Not good. This message-signatures spec can likely work-around this by
not referring to the definition of "combined field value" from 5.2 --
but we may have to discuss this as an issue in the core spec (which goes
on with an example where SP is indeed inserted, and Section 5.3 which
explicitly allows that).
Best regards, Julian
Received on Friday, 28 October 2022 16:24:45 UTC