- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Fri, 23 Nov 2007 18:23:12 +0100
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- Cc: ietf-http-wg@w3.org
* Henrik Nordstrom wrote:
>The whole spec applies to HTTP/1.1 clients and servers. HTTP/1.1 clients
>or servers receiving an HTTP/1.0 message are supposed to parse this per
>the rules in the HTTP/1.1 specs, not the obsolete HTTP/1.0
>specifications.
>
>This is why certain areas of the HTTP/1.1 specs mention
>HTTP/1.0 restrictions where the client or server needs to act differently
>if the message was HTTP/1.0.
>
>The version number in an HTTP message is the compliance level of the
>sender. The receiver should parse it per its own compliance level, not
>the message protocol level.

Your reading of the specification requires assuming that it does not
explicitly discuss this case for a reason. However, it might just not
discuss it because the case has been overlooked, and some would see the
conflicting implementation behavior as a security problem. I disagree that
doing nothing about this in the specification is the best course of
action.

--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Friday, 23 November 2007 17:23:29 UTC