W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Re: Working Group Last Call: draft-ietf-httpbis-content-disp-02

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Sat, 2 Oct 2010 18:44:10 -0600
To: Adam Barth <w3c@adambarth.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, Bjoern Hoehrmann <derhoermi@gmx.net>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <20101002184410.5547e899.eric@bisonsystems.net>
Adam Barth wrote:
>
> As far as I can tell, your entire message is beating up on a strawman.
>  I haven't proposed any of the things you're shooting down.
> 

I'm shooting down the notion of standardizing nonconformant syntax,
which isn't a strawman if it's exactly what you proposed:

>
> >>
> >> Given that browsers are going to interpret nonconformant syntax,
> >> I'd rather live in a world in which they all did it the same way.
> >>  That world is more predictable, which is better for security, and
> >> easier for new entrants to the market because those new entrants
> >> don't need to reverse engineer existing implementations.  Fewer
> >> barriers to entry means more competition, which means users get a
> >> better browser product.
> >>
>

Because your rationales are strawmen -- you can't prove a negative,
i.e. state that any interpretation of nonconformant syntax is more
secure than ignoring it; or that in order to be competitive, browsers
must interpret nonconformant syntax.  It seems to me that it would be a
lower barrier of entry to only interpret conformant syntax, and that
the reduced complexity would result in a better product.  That's just
dueling opinions, you have failed to provide a technical argument in
support of standardizing how nonconformant syntax is to be parsed.

-Eric
Received on Sunday, 3 October 2010 00:44:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:27 GMT