RE: i93: Repeating Single-value headers

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Sat, 05 Jan 2008 23:32:43 +0100
To: David Morris <dwm@xpasc.com>
Cc: ietf-http-wg@w3.org
Message-Id: <1199572363.17001.49.camel@henriknordstrom.net>

On Wed, 2008-01-02 at 18:44 -0800, David Morris wrote:

> If we have a specific set of suggestions for certain errors, it might be
> better to produce a BCP document as a companion rather than encumbering
> the revised spec with details really in the domain of the implementor.

Yes, with the exception of Content-Length when used as message delimiter
which has a direct security impact on the protocol itself, and not only
its use.

What I have in mind regarding Content-Length is to add a condition
(probably in "Message Length") that when a recipient sees a message
with conflicting repeated content-length headers the recipient SHOULD
(MUST?) either reject the invalid message as invalid, ignore the
Content-Length or close the connection after processing the message.
Randomly picking one of the values in a best effort to try to understand
the message while keeping the connection open is not acceptable for a
conformant implementation.

Regarding other headers I think it's sufficient to add a reminder that
sending multiple headers of a non-list header renders the message
invalid and MAY be rejected by the recipient, if anything at all needs
to be said about this.

Regards
Henrik

Received on Saturday, 5 January 2008 22:32:55 GMT
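
The Content-Length condition proposed in the message above, sketched as an added example (not part of the original message or of any specification text). The `Action` enum, the function names and the sample requests are constructed for illustration, and treating differing spellings such as "5" and "05" as conflicting is an assumption of this sketch.

```python
from enum import Enum

class Action(Enum):
    ACCEPT = "accept"                # frame the body on Content-Length
    REJECT = "reject"                # refuse the message as invalid
    IGNORE_LENGTH = "ignore-length"  # do not trust Content-Length for framing
    CLOSE_AFTER = "close-after"      # process once, then close the connection

def content_lengths(head: bytes) -> list[str]:
    """Return every Content-Length field value found in a raw header block."""
    values = []
    for line in head.split(b"\r\n")[1:]:   # skip the request/status line
        if not line:
            break                          # blank line ends the headers
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip().decode("ascii", "replace"))
    return values

def decide(head: bytes, on_conflict: Action = Action.REJECT):
    """Return (action, length); length is set only when safe to frame on."""
    if on_conflict is Action.ACCEPT:
        raise ValueError("a conflict must never be accepted")
    values = content_lengths(head)
    if not values:
        return Action.ACCEPT, None         # no Content-Length: other framing rules apply
    if len(set(values)) > 1:               # repeated headers that disagree
        return on_conflict, None           # never pick one of the values
    if not values[0].isdigit():
        return Action.REJECT, None         # not a valid length at all
    return Action.ACCEPT, int(values[0])   # single or identical repeated value

# Constructed sample requests (header blocks only).
CONFLICTING = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Length: 5\r\nContent-Length: 11\r\n\r\n")
REPEATED_SAME = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 5\r\nContent-Length: 5\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("conflicting", CONFLICTING), ("same", REPEATED_SAME)):
        print(label, decide(head))
```

On a conflict the length is always returned as `None`, so a caller cannot frame the body on either value while keeping the connection open.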