W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [Integrity] typos with ni URIs

From: Brian Smith <brian@briansmith.org>
Date: Wed, 14 Jan 2015 17:37:34 -0800
Message-ID: <CAFewVt7ETzXVGhqEq5OZMRmGzx3Z_rsrwP8erNKbmxJoAZzc-A@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: "Manger, James" <James.H.Manger@team.telstra.com>
James Manger wrote:
> The ni:///sha-512 URI in 3.2.1 "Agility" needs to omit the "=" padding at
> the end of the base64url encoded value. See RFC6920 section 3 definition of
> "Digest Value":
>
>   "The digest value MUST be encoded using the base64url
>
>    [RFC4648] encoding, with no "=" padding characters."

The specification shouldn't forbid the "=" padding characters. The
fact that the draft specification has included the padding multiple
times is good evidence that authors are going to include the padding
too. It is trivial for an implementation to strip the padding. The
specification should be changed to allow the padding and to require
implementations to strip it. This would make the spec more "webby" and
author-friendly.

Cheers,
Brian
Received on Thursday, 15 January 2015 01:38:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC