W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

RE: Issue 163, was: Meaning of invalid but well-formed dates

From: Brian Smith <brian@briansmith.org>
Date: Tue, 19 May 2009 09:31:27 -0500
To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-ID: <005801c9d88e$8155f6a0$8401e3e0$@org>
Jamie Lokier wrote:
> Julian Reschke wrote:
> >     * HTTP/1.1 clients and caches SHOULD assume that an RFC-850 date
> > which appears to be more than 50 years in the future is in fact in
> > the past (this helps solve the "year 2000" problem).
> >
> > 50 years from when? Does the semantics of the message depend on
> > when you look at it?

I think the algorithm is:

* If the Date header field isn't present, synthesize a Date header from the
current time as you usually would. 
* Add the century from the Date header to the two-digit year.
* If the resultant year is 50 years or more in the future (relative to the
Date header), keep subtracting 100 from it until it appears to be in the
past (subtracting 100 once will be sufficient if the Date header isn't
invalidly far in the future).

I don't know why only "clients and caches" should do this and not origin
servers. That doesn't make sense to me.

> ... Unless there is some attack on HTTP possible by taking advantage
> of a message's time being interpreted differently on different agents
> that it passes through.  Proxies don't rewrite the date header into
> standard form - do they?

They are required to rewrite dates into rfc1123 format, because they are
forbidden from sending dates in the obsolete formats. My implementations do
not do that, but I don't know about others. 

- Brian
Received on Tuesday, 19 May 2009 14:32:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:03 GMT