W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: lower casing host names

From: Adrien de Croy <adrien@qbik.com>
Date: Sat, 31 Dec 2011 07:44:53 +1300
Message-ID: <4EFE06A5.3050604@qbik.com>
To: Dale Anderson <dra@redevised.net>
CC: Daniel Stenberg <daniel@haxx.se>, HTTP Working Group <ietf-http-wg@w3.org>
all domain names are case insensitive according to the DNS specs RFC 
1034, 1035 etc.

On 31/12/2011 6:00 a.m., Dale Anderson wrote:
>> It turns out both browsers always unconditionally lower case the host name in URIs so they never send HTTP requests with mixed case.
> I seen common browsers also "treat" the URI path (percent-encode it,
> most notably). I appreciate that curl is a li'l more literal for HTTP
> testing work. I hope curl and libcurl would stay that way and leave
> standardizing case optional if anything.
>
> I only used the python bindings, seems like it would fall under one of
> those 'setopt' calls to change the default for whether it's
> standardizing cases to lowercase before constructing the request-line
> and host header, maybe independent option for request-line and
> host-header case lowering.
>
>
>> Why do they do this? Is this behavior of treating names differently based on
>> case common? If so, should httpbis mention it?
>>
> They being HTTP daemons and applications:
>   - they are just used to being fed mechanically-softed lowercase
> strings from browsers
>   - they weren't tested what happens when that varies
>   - it was cheap and easy to do a quick strcmp() call instead of
> something case-insensitive
>   - shout out to the implementation that its redirect should be
> comparing hostnames on a case insensitive basis, else
> application-delivery/firewall may have to step in to mitigate
>
> There can be various exploits and bugs along these lines!
>
> Dale Anderson
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
WinGate 7 is released! - http://www.wingate.com/getlatest/
Received on Friday, 30 December 2011 18:45:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:51 GMT