W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: [#95] Multiple Content-Lengths

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 20 Sep 2010 10:50:22 +0200
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Willy Tarreau" <w@1wt.eu>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>, "Roy Fielding" <fielding@gbiv.com>
Message-ID: <op.vjbph6ge64w2qv@anne-van-kesterens-macbook-pro.local>
On Mon, 20 Sep 2010 10:46:57 +0200, Julian Reschke <julian.reschke@gmx.de>  
> "MAY" is useless here, of course UAs "MAY" inform the user about just  
> anything.
> The reason why this is discussed at all (*) is that it's a *security*  
> issue, and also recovery from this kind of problem isn't really possible.
> Best regards, Julian
> (*) as compared to a broken date, for instance.

What exactly is the security issue then? Before I was told it's a  
potential security issue. If it's a security issue then the specification  
should probably not define recovery at all and user agents would have  
outstanding security advisories.

Anne van Kesteren
Received on Monday, 20 September 2010 08:51:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:54 UTC