W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2007

RE: Large content size value

From: Travis Snoozy (Volt) <a-travis@microsoft.com>
Date: Fri, 5 Jan 2007 11:34:53 -0800
To: David Morris <dwm@xpasc.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <86EDC3963F04D546BED8996F77D290F6049D118279@NA-EXMSG-C138.redmond.corp.microsoft.com>

David Morris said:
> The bottom line is that if the content length is too long for the client
> to represent, it surely isn't going to do byte-ranges or anything else to
> retrieve the pieces which it then isn't going to have anyway to deliver to
> the end user anyway. A total waste of time to send a 4G file w/o
> content-length to a client which can't use it.

Well, from that perspective, it's an even bigger waste for a server that
generates a 4+GiB file (say, dynamically) and transmits it with the chunked
encoding (with chunks being <4GiB each). That's another case I'd like to
test, but it would require a slightly-more-than-trivial amount of setup.

> Either the server can correctly represent the content length or it can't
> and whether or not it can correctly serve the response.
> I think it reasonable that any server be expected to detect when it can't
> and report an error. I think it reasonable to expect a client to know when
> it can't convert the content length ascii string to a value it understands
> and reject the response as being in error.

It may be splitting hairs, but the response isn't in error; the client's
implementer made a design decision (conscious or not). There is no error,
only a refusal to accept on the client's part.

> Furthermore, it is reasonable for a client to reject a response it knows
> is too large, as soon as it knows that a size constraint has been
> exceeded.

> I don't see how these expectations can be added to the protocol in a
> meaningful way w/o bumping the version.

Well, aside from providing strong recommendations that aren't real
requirements, perhaps, and making explicit things that might have been
heavily implied or intended. It's certainly tricky. :\

> It would have been useful 10 years ago if we'd had the foresight to add
> resource negotiation to the protocol in a similar fashion to language,
> etc.

Hindsight is 20/20, and it's not like the spec doesn't consider a slew of
obscure-but-important contingencies already. The big questions are, how do
we fix it, and how do we avoid making the same mistake twice.

> Working from memory, seems like we had some text regarding precision in
> what is send and tolerance in what is accepted. Perhaps adding text there
> to highlight the additional burden of modern systems and native object
> sizes in terms of fields like content-length AND chunked encoding length
> segments.

I'm all for a mention in section 15 and/or 19 -- something is better than

> We can happily talk about good programming standards, but unfortunately
> the C library includes a number of commonly used conversion functions
> which don't behave well in the presense of invalid input. They set a bad
> example for the average software engineer and probably generate a
> requirement for cautionary language where it shouldn't be required.


Well, IIRC (I don't have my man pages with me), strtol et. al. are spec'd to
do the Right Thing: saturate, and set an error code. Now, whether or not C
library implementations adhere to the spec, or programmers check for the
error, I can't say. But ANSI C shouldn't steer folks wrong here. Unless you had other function(s) in mind...?


-- Travis
Received on Friday, 5 January 2007 19:35:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:41 UTC