[Specification] Clarify the specification of field udata

[ggramaize]

Hi,

According to the current version of the session ticket format specification, nothing is told on how the field udata should be handled if the user-supplied value contains a semicolon.

In my humble opinion, making ';' a forbidden character and specifying that the ticket generation MUST fail if the format condition is violated is the best compromise for backward compatibility.

The alternative would be to transparently escape the string in a format which needs to be determined (urlencode?), and specify how the ticket generator should behave when the escaped string exceeds 255 characters.

Kind regards,