W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: ABNF switch: list rules

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 24 May 2008 11:59:02 +0200
Message-ID: <4837E6E6.8090004@gmx.de>
To: "Zed A. Shaw" <zedshaw@zedshaw.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>

Zed A. Shaw wrote:
> ...
> On another note, is there a reason why it's specified this way with
> the allowed empty elements at random locations? 

I have no idea what it's good for and why it was specified this way in 
the first place.

> It makes more sense to just not send anything that'd be empty, rather
> than using empty elements.  In theory someone could just stream a ton of
> ',' to make the server do useless work, which could thwart some poorly
> implemented parsers.

As far as I recall, it's a known attack vector (don't forget there can 
be CRs in between the list as well...).

> I'm curious about the history if anyone knows it.

BR, Julian
Received on Saturday, 24 May 2008 09:59:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:45 UTC