W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2007

Re: NEW ISSUE: Transfer-Encoding in 1.0 messages

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 23 Nov 2007 18:23:12 +0100
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Cc: ietf-http-wg@w3.org
Message-ID: <p32ek3t16iuqdeosv5r3njt6ccghtfh38f@hive.bjoern.hoehrmann.de>

* Henrik Nordstrom wrote:
>The whole spec applies to HTTP/1.1 clients and servers. HTTP/1.1 clients
>or servers receiving an HTTP/1.0 message is supposed to parse this per
>the rules in the HTTP/1.1 specs, not the obsolete HTTP/1.0
>specifications.
>
>This is why there is certain areas of the HTTP/1.1 specs mention
>HTTP/1.0 restrictions where the client or server need to act differently
>if the message was HTTP/1.0.
>
>The version number in an HTTP message is the compliance level of the
>sender. The receiver should parse it per it's own compliance level, not
>the message protocol level.

Your reading of the specification requires to assume that it does not
explicitly discuss this case for a reason. However, it might just not
discuss it because the case has been overlooked, and some would see
the conflicting implementation behavior as security problem. I disagree
that doing nothing about this in the specification is the best course of
action.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Friday, 23 November 2007 17:23:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:23 GMT