
Re: clarify some MUST requirements in HTTPbis part 1 section 3.3

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 29 Nov 2011 07:43:43 +0100
To: Dmitry Kurochkin <dmitry.kurochkin@measurement-factory.com>
Cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <20111129064343.GG2520@1wt.eu>

Hi Dmitry,

On Tue, Nov 29, 2011 at 10:35:18AM +0400, Dmitry Kurochkin wrote:
(...)
> > The smuggling risk only rises where conflicting or incorrect values are 
> > sent, which is the case described in item #3.
> > 
> 
> Indeed.  So even if proxy does not remove the duplicate CL values, it
> still must correctly determine the message length per item #4 because
> item #3 does not apply here.  In this case, "prior to determining the
> message-body length" part in the paragraph 4 seems unneeded.

I think the "prior to determining..." part comes from a general handling
of multiple headers. For numerical values, it is not a problem. However
some headers will have a different meaning when folded. For instance, an
Expires header that would be split between the day of week and the rest
could be valid only once folded:

    Expires: Tue
    Expires: 29 Nov 2011 06:40:52 GMT
vs
    Expires: Tue, 29 Nov 2011 06:40:52 GMT

In my opinion, having such guidelines in the spec is better than leaving
it to the implementer to guess them. For those who're unsure, they'll
write more reliable code. If you know what you're doing and are able to
guess that in your case the "prior to" is unneeded, then that's fine.

Regards,
Willy
Received on Tuesday, 29 November 2011 06:44:26 GMT
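
Added example, not part of the original message or of any implementation discussed on the list: a Python sketch of the ordering the thread debates, where repeated header fields are combined into one comma-separated value first, and only then is Content-Length interpreted, accepting identical duplicates and rejecting conflicting ones. The function names, the ValueError used for rejection and the sample headers are assumptions made for this illustration.

```python
import re

def combine_fields(fields):
    """Join repeated header fields, in received order, into one value each."""
    combined = {}
    for name, value in fields:
        key = name.lower()              # field names are case-insensitive
        value = value.strip()
        combined[key] = f"{combined[key]}, {value}" if key in combined else value
    return combined

def body_length(fields):
    """Return the body length from Content-Length, or None if it is absent.

    Raises ValueError when the values are not decimal or disagree with each
    other, which is the smuggling-relevant case mentioned in the thread.
    """
    raw = combine_fields(fields).get("content-length")
    if raw is None:
        return None
    values = [v.strip() for v in raw.split(",")]
    # ASCII digits only: no sign, no whitespace inside, no empty list member.
    if not all(re.fullmatch(r"[0-9]+", v) for v in values):
        raise ValueError(f"invalid Content-Length: {raw!r}")
    distinct = {int(v) for v in values}
    if len(distinct) != 1:
        raise ValueError(f"conflicting Content-Length values: {raw!r}")
    return distinct.pop()

# Constructed sample: the split Expires field from the message, plus a
# duplicated Content-Length sent as two separate header lines.
SAMPLE = [
    ("Expires", "Tue"),
    ("Expires", "29 Nov 2011 06:40:52 GMT"),
    ("Content-Length", "42"),
    ("content-length", "42"),
]

if __name__ == "__main__":
    print(combine_fields(SAMPLE)["expires"])
    print(body_length(SAMPLE))
```
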
