W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: [#95] Multiple Content-Lengths

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 20 Sep 2010 19:27:32 +1000
Cc: Julian Reschke <julian.reschke@gmx.de>, Anne van Kesteren <annevk@opera.com>, Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>
Message-Id: <4E2EA056-D8D8-415B-93C9-E1F0E0FBB0F2@mnot.net>
To: Adam Barth <w3c@adambarth.com>
I was thinking along similar lines -- if Google (etc.) could check across their repositories (assuming that the information is collected).

I'll ask them if they can run a test.

Thanks,


On 20/09/2010, at 7:19 PM, Adam Barth wrote:

> On Mon, Sep 20, 2010 at 2:06 AM, Mark Nottingham <mnot@mnot.net> wrote:
>> As long as the browser does the right thing with the response, it doesn't matter whether the user is made aware.
>> 
>> I.e., if we require the UA not to display / use the response (upgrade the first SHOULD to a MUST), the second becomes irrelevant, and as Anne says we can reduce the second part to advisory text.
>> 
>> The question is whether there's a legitimate case for ignoring the fact that response smuggling could be happening. Given that two browser vendors already don't seem to think there is, I think this is a good direction to go in.
> 
> In general, making this kinds of decision is very mechanical.  We run
> an experiment to assess the compatibility impact of making the change.
> We then compare the compatibility impact with the severity of the
> issue we'd mitigate by making this change.  In this case, the severity
> is somewhere between "moderate" and "low" according to our usual
> severity guidelines.  That means we'd like to see a compatibility
> impact of something like < 0.001% of HTTP responses.
> 
> We have nice infrastructure for running these experiments, both in the
> Chromium project and in Firefox.  I'm sure if you ask someone at
> Mozilla, they'd be happy to run the experiment using TestPilot.
> 
> Adam


--
Mark Nottingham     http://www.mnot.net/
Received on Monday, 20 September 2010 09:28:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT