w3c-ccg / http-signatures

Signing HTTP Messages specification
https://w3c-dvcg.github.io/http-signatures/

Inconsistent use of space character in section C Test Values #103

Open sebastien-rosset opened 4 years ago

sebastien-rosset commented 4 years ago

I know in section C there is a preamble that states: THESE TEST VECTORS ARE OLD AND POSSIBLY WRONG.

Nevertheless, there is some inconsistent use of space characters in the examples. Specifically in section C.3, the following example is provided. Notice there is no space before "algorithm", but there is a space before "expires".

   The Authorization header would be:

   Authorization: Signature keyId="Test",algorithm="rsa-sha256",
     created=1402170695, expires=1402170699,
     headers="(request-target) (created) (expires)
       host date content-type digest content-length",
     signature="vSdrb+dS3EceC9bcwHSo4MlyKS59iFIrhgYkz8+oVLEEzmYZZvRs
       8rgOp+63LEM3v+MFHB32NfpB2bEKBIvB1q52LaEUHFv120V01IL+TAD48XaERZF
       ukWgHoBTLMhYS2Gb51gWxpeIq8knRmPnYePbF5MOkR0Zkly4zKH7s1dE="

The ABNF notation for the "Authorization" field in RFC 7235 is:

Authorization = credentials
auth-param = token BWS "=" BWS ( token / quoted-string )
credentials = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param )
    *( OWS "," [ OWS auth-param ] ) ] ) ]

The BWS rule is used where the grammar allows optional whitespace only for historical reasons. A sender MUST NOT generate BWS in messages. A recipient MUST parse for such bad whitespace and remove it before interpreting the protocol element.

Based on the above I think the HTTP signature specification should NOT provide examples where the auth parameters in the "Authorization" header have whitespace. In other words, spaces are tolerated, but implementations must not use them.
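The two rules quoted above (a sender MUST NOT generate BWS; a recipient MUST parse and discard it) as working code. This is an added example, not code from the issue or from the http-signatures project: a recipient-side parser for the RFC 7235 `credentials` grammar that accepts whitespace around `=` and `,` and drops it, and a sender-side serializer that emits none. The function names are hypothetical, the sample header is the section C.3 example from the issue joined onto a single line (obs-fold handling is left out), and `created`/`expires` are treated as integer tokens because that is how the example sends them.

```python
"""RFC 7235 credentials: tolerant parsing, whitespace-free generation.

Recipient side follows RFC 7230 section 3.2.3: bad whitespace (BWS) around
"=" and optional whitespace (OWS) around "," are accepted and removed.
Sender side emits neither, which is what the issue argues the spec's
examples should show.  Example code only, not the project's own.
"""
import re

# tchar / token per RFC 7230 section 3.2.6
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE ; quoted-pair = "\" char
QUOTED_STRING = r'"(?:[^"\\]|\\.)*"'
# OWS and BWS have the same syntax; only the generation rule differs
OWS = r"[ \t]*"

# credentials = auth-scheme [ 1*SP ( ... ) ]  (token68 form not handled here)
SCHEME_RE = re.compile(rf"({TOKEN})(?: +(.*))?\Z", re.S)
OWS_RE = re.compile(OWS)
# auth-param = token BWS "=" BWS ( token / quoted-string )
AUTH_PARAM_RE = re.compile(rf"({TOKEN}){OWS}={OWS}({TOKEN}|{QUOTED_STRING})")
TOKEN_RE = re.compile(rf"{TOKEN}\Z")

# Assumption: these are sent as integer tokens, as in the spec's example.
NUMERIC_PARAMS = frozenset({"created", "expires"})


def _unquote(value: str) -> str:
    """Strip a quoted-string's DQUOTEs and resolve quoted-pairs; tokens pass through."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1], flags=re.S)
    return value


def _quote(value: str) -> str:
    """Build a quoted-string, escaping DQUOTE and backslash as quoted-pairs."""
    return '"' + re.sub(r'(["\\])', r"\\\1", value) + '"'


def parse_credentials(header_value: str) -> tuple[str, dict[str, str]]:
    """Parse an Authorization field-value into (auth-scheme, {name: value}).

    BWS around "=" and OWS around "," are skipped; a missing "," between two
    auth-params is an error.  Names keep their spelling but duplicates are
    detected case-insensitively (RFC 7235 section 2.1).
    """
    m = SCHEME_RE.match(header_value.strip())
    if not m:
        raise ValueError("missing auth-scheme")
    scheme, rest = m.group(1), m.group(2) or ""
    params: dict[str, str] = {}
    seen: set[str] = set()
    pos = 0
    while True:
        pos = OWS_RE.match(rest, pos).end()           # OWS before "," or auth-param
        if pos == len(rest):
            break
        if rest[pos] == ",":                          # empty list element, allowed by the ABNF
            pos += 1
            continue
        pm = AUTH_PARAM_RE.match(rest, pos)
        if not pm:
            raise ValueError(f"malformed auth-param at offset {pos}: {rest[pos:pos + 16]!r}")
        name, raw = pm.group(1), pm.group(2)
        if name.lower() in seen:
            raise ValueError(f"duplicate parameter {name!r}")
        seen.add(name.lower())
        params[name] = _unquote(raw)
        pos = OWS_RE.match(rest, pm.end()).end()      # OWS after the value
        if pos < len(rest) and rest[pos] != ",":
            raise ValueError(f"expected ',' at offset {pos}, got {rest[pos]!r}")
    return scheme, params


def serialize_credentials(scheme: str, params: dict[str, str]) -> str:
    """Emit credentials with no BWS and no OWS: pairs joined by a bare ",".

    Non-numeric values are always sent as quoted-strings; numeric parameters
    are sent as tokens and must be digit-only.
    """
    parts = []
    for name, value in params.items():
        if not TOKEN_RE.match(name):
            raise ValueError(f"parameter name {name!r} is not a token")
        if name in NUMERIC_PARAMS:
            if not value.isdigit():
                raise ValueError(f"{name} must be an integer, got {value!r}")
            parts.append(f"{name}={value}")
        else:
            parts.append(f"{name}={_quote(value)}")
    return f"{scheme} {','.join(parts)}" if parts else scheme


def normalize(header_value: str) -> str:
    """Parse a possibly whitespace-laden header and re-emit it without BWS/OWS."""
    scheme, params = parse_credentials(header_value)
    return serialize_credentials(scheme, params)


def is_well_formed(header_value: str) -> bool:
    """True if the value matches the credentials grammar (whitespace tolerated)."""
    try:
        parse_credentials(header_value)
        return True
    except ValueError:
        return False


# Constructed input: the issue's section C.3 example on one line, spaces kept as printed.
SPEC_EXAMPLE = (
    'Signature keyId="Test",algorithm="rsa-sha256", created=1402170695, expires=1402170699, '
    'headers="(request-target) (created) (expires) host date content-type digest content-length", '
    'signature="vSdrb+dS3EceC9bcwHSo4MlyKS59iFIrhgYkz8+oVLEEzmYZZvRs'
    '8rgOp+63LEM3v+MFHB32NfpB2bEKBIvB1q52LaEUHFv120V01IL+TAD48XaERZF'
    'ukWgHoBTLMhYS2Gb51gWxpeIq8knRmPnYePbF5MOkR0Zkly4zKH7s1dE="'
)

if __name__ == "__main__":
    print(normalize(SPEC_EXAMPLE))
```

`normalize` is what a library would run on anything it receives before building the signing string, and `serialize_credentials` is the only path a sender should use, so the spec's inconsistency never leaks into wire traffic either way. The token68 form of `credentials` (used by Basic and Bearer) is deliberately not handled, since the Signature scheme only uses auth-params.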