W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [Integrity] typos with ni URIs

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 14 Jan 2015 19:42:33 -0800
Message-ID: <CABkgnnUx-bzTiLSPkpCfanSVSagNuffsBGQ1rAeW6vBZ14sFYg@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, "Manger, James" <James.H.Manger@team.telstra.com>
On 14 January 2015 at 17:37, Brian Smith <brian@briansmith.org> wrote:
>>   "The digest value MUST be encoded using the base64url
>>
>>    [RFC4648] encoding, with no "=" padding characters."
>
> The specification shouldn't forbid the "=" padding characters. The
> fact that the draft specification has included the padding multiple
> times is good evidence that authors are going to include the padding
> too. It is trivial for an implementation to strip the padding. The
> specification should be changed to allow the padding and to require
> implementations to strip it. This would make the spec more "webby" and
> author-friendly.

I know a lot of base64 libs accept the '+/' and '-_' variants
interchangeably as well.  Is that something that should be accepted or
not?

For new stuff, I consider Postel's "accept any old trash" maxim as bad
advice; and generally consider it to be fatalistic when it comes to
old junk, recogizing the that at some point correctness has to yield
to interoperability.  Is ni:// that decrepit already?
Received on Thursday, 15 January 2015 03:42:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC