- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Sat, 05 Jan 2008 23:32:43 +0100
- To: David Morris <dwm@xpasc.com>
- Cc: ietf-http-wg@w3.org
- Message-Id: <1199572363.17001.49.camel@henriknordstrom.net>

On ons, 2008-01-02 at 18:44 -0800, David Morris wrote:

> If we have a specific set of suggestions for certain errors, it might be
> better to produce a BCP document as a companion rather than encumbering
> the revised spec with details really in the domain of the implementor.

Yes, with the exception of Content-Length when used as message delimiter, which has a direct security impact on the protocol itself, and not only its use.

What I have in mind regarding Content-Length is to add a condition (probably in "Message Length") that when a recipient sees a message with conflicting repeated Content-Length headers the recipient SHOULD (MUST?) either reject the invalid message as invalid, ignore the Content-Length or close the connection after processing the message. Randomly picking one of the values in a best effort to try to understand the message while keeping the connection open is not acceptable for a conformant implementation.

Regarding other headers I think it's sufficient to add a reminder that sending multiple headers of a non-list header renders the message invalid and MAY be rejected by the recipient, if anything at all needs to be said about this.

Regards
Henrik

Received on Saturday, 5 January 2008 22:32:55 UTC
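
Added example, not part of the original message or of any HTTP implementation: a recipient-side check for the conflicting repeated Content-Length case discussed above, in Python. The function name, the `policy` values and the sample head are assumptions made for illustration; treating a comma-separated value like a repeated header, rejecting non-numeric values, and combining "ignore the Content-Length" with closing the connection go beyond what the message states.

```python
import re
from dataclasses import dataclass
from typing import Optional

class InvalidMessage(Exception):
    """Framing is ambiguous: reject the message and do not reuse the connection."""

@dataclass
class Framing:
    length: Optional[int]   # body length to read; None = no usable Content-Length
    keep_alive: bool        # may the connection be reused after this message?

# Constructed sample: one request head with two different Content-Length values.
SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 11\r\n\r\n")

def content_length_framing(raw_head: bytes, policy: str = "reject") -> Framing:
    """Decide body framing from the Content-Length fields of one message head.

    policy "reject": conflicting values raise InvalidMessage.
    policy "close":  conflicting values are ignored and the connection is
                     marked to be closed after this message (assumed pairing).
    Never picks one of several conflicting values.
    """
    values = []
    for line in raw_head.split(b"\r\n")[1:]:      # skip the start line
        if not line:
            break                                  # blank line ends the headers
        name, sep, value = line.partition(b":")
        # Strip and lowercase the name so odd spacing or case cannot hide a copy.
        if sep and name.strip().lower() == b"content-length":
            # Assumption: a comma-separated list counts as repeated headers.
            values += [v.strip() for v in value.split(b",")]
    if not values:
        return Framing(None, True)
    if any(not re.fullmatch(rb"[0-9]+", v) for v in values):
        raise InvalidMessage("malformed Content-Length")
    distinct = {int(v) for v in values}
    if len(distinct) == 1:
        return Framing(distinct.pop(), True)       # repeated but not conflicting
    if policy == "close":
        return Framing(None, False)                # ignore the field, then close
    raise InvalidMessage(f"conflicting Content-Length values: {sorted(distinct)}")
```
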