W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2007

Re: Message delimiting security issues

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 17 Jan 2007 17:50:39 +0100
Message-ID: <45AE53DF.7060804@gmx.de>
To: Henrik Nordstrom <henrik@henriknordstrom.net>, "William A. Rowe, Jr." <wrowe@rowe-clan.net>, Mark Nottingham <mnot@mnot.net>, Scott Lawrence <scott@skrb.org>, "Roy T.Fielding" <fielding@gbiv.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Travis Snoozy schrieb:
> On Wed, Jan 17, 2007 at 11:47:33AM +0100, Henrik Nordstrom wrote:
> <snip>
>> Does the implied LWS rule apply to header names, even if it's not
>> allowed in MIME? Allowing LWS around the header name does not make
>> sense, but it is not explicitly forbidden.
> 
> LWS is not allowed.
> 
> <snip>
>> Content-Length : 100
> 
> BNF makes it clear.
> 
> token          = 1*<any CHAR except CTLs or separators>
> message-header = field-name ":" [ field-value ]
> field-name     = token
> separator      = [...] | SP | HT
> ...

Are you aware of the "implied LWS" rule? 
(<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.2.1.p.11>).

Best regards, Julian
Received on Wednesday, 17 January 2007 16:50:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:00 GMT