W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: [#95] Multiple Content-Lengths

From: Roy T. Fielding <fielding@gbiv.com>
Date: Wed, 9 Mar 2011 14:32:35 -0800
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <23B66AFF-37DC-4350-92C6-25F81A94B8ED@gbiv.com>
To: Julian Reschke <julian.reschke@gmx.de>
On Mar 9, 2011, at 2:21 PM, Julian Reschke wrote:

> On 09.03.2011 19:04, Mark Nottingham wrote:
>> I've scheduled this for -13.
>> 
>> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/95#comment:20>
>> 
>> 
>> On 20/02/2011, at 11:12 PM, Mark Nottingham wrote:
>> 
>>> So, I propose:
>>> 
>>> * adding text that allows duplicates explicitly, and
>>> 
>>> * upgrading the SHOULD to a MUST in this requirement:
>>> 
>>>   If this is a response message received by a user-agent, it SHOULD be treated
>>>   as an error by discarding the message and closing the connection.
> 
> ...clarifying: you say "adding text that allows duplicates explicitly"... that could be read to REQUIRE recipients to accept those duplicates -- are we really going to declare recipients that do not do that to be non-compliant?

We need to require that they process received duplicates in the
same way as all other recipients in order to avoid response
smuggling.

> If we do, we *probably* need to adjust the header field ABNF (because "x, x" doesn't parse), which I'd rather do not...

No, we still require that duplicates not be sent.  The ABNF
only defines valid messages.  This new requirement is for
exception handling in the case of an invalid received message.

....Roy
Received on Wednesday, 9 March 2011 22:33:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT