- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 14 Jan 2015 19:42:33 -0800
- To: Brian Smith <brian@briansmith.org>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, "Manger, James" <James.H.Manger@team.telstra.com>
On 14 January 2015 at 17:37, Brian Smith <brian@briansmith.org> wrote: >> "The digest value MUST be encoded using the base64url >> >> [RFC4648] encoding, with no "=" padding characters." > > The specification shouldn't forbid the "=" padding characters. The > fact that the draft specification has included the padding multiple > times is good evidence that authors are going to include the padding > too. It is trivial for an implementation to strip the padding. The > specification should be changed to allow the padding and to require > implementations to strip it. This would make the spec more "webby" and > author-friendly. I know a lot of base64 libs accept the '+/' and '-_' variants interchangeably as well. Is that something that should be accepted or not? For new stuff, I consider Postel's "accept any old trash" maxim as bad advice; and generally consider it to be fatalistic when it comes to old junk, recogizing the that at some point correctness has to yield to interoperability. Is ni:// that decrepit already?
Received on Thursday, 15 January 2015 03:42:59 UTC