STATUS100 Re: Proposed resolution

** Reply to note from "Scott Lawrence" <lawrence@agranat.com> Thu, 17 Jul 1997 10:33:32 -0400
>  An observation: I find it interesting that the set of rules to limit 
>  use of 100 Continue seems to require such a long specification, 
>  given that the original mechanism was so simple...
Perhaps, as Koen suggested, we should use Occam's razor to cut this
from the spec.  

[...]

JM>    o  An origin server SHOULD NOT send a 100 (Continue) response if
JM>       has already received some or all of the request body for the
JM>       corresponding request.
>   
>     - I think that it is poor design to encourage look-ahead in the
>       data stream to determine whether or not body has been received.
I agree completely.

[...]
JM>...
JM>    o  If an origin server receives a request that does not include an
JM>       "Expect" request-header field with the "100-continue"
JM>       expectation, and the request includes a request body, and the
JM>       server responds with an error status before reading the entire
JM>       request body from the transport connection, then the server
JM>       SHOULD NOT close the transport connection until it has read the
JM>       entire request, or until the client closes the connection.
JM>       Otherwise, the client may not reliably receive the response
JM>       message.
This is excellent advice, but it does expose the server implementer to
attacks where the amount of data is *very* large or the datastream is
self-defining (e.g. chunked).

[...]
>   
> --
> Scott Lawrence           EmWeb Embedded Server       <lawrence@agranat.com>
> Agranat Systems, Inc.        Engineering            http://www.agranat.com/
>   
> 
 

Richard L. Gray
chocolate - the One True food group

Received on Thursday, 17 July 1997 13:23:39 UTC