W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: #341: whitespace in request-lines and status-lines

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 21 Feb 2012 07:21:28 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Julian Reschke <julian.reschke@gmx.de>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <20120221062128.GB16490@1wt.eu>
On Tue, Feb 21, 2012 at 05:15:25PM +1100, Mark Nottingham wrote:
> 
> On 21/02/2012, at 4:46 PM, Roy T. Fielding wrote:
> 
> > The ABNF defines what is valid to send, not what is robust to parse.
> 
> I know we flirt with this in a few places, but it would be nice to come out and say so explicitly somewhere.

In fact I think it's already stated in p1-1.1 :

   This document also uses ABNF to define valid protocol elements
   (Section 1.2).  In addition to the prose requirements placed upon
   them, Senders MUST NOT generate protocol elements that are invalid.

   Unless noted otherwise, Recipients MAY take steps to recover a usable
   protocol element from an invalid construct.  However, HTTP does not
   define specific error handling mechanisms, except in cases where it
   has direct impact on security.  This is because different uses of the
   protocol require different error handling strategies; for example, a
   Web browser may wish to transparently recover from a response where
   the Location header field doesn't parse according to the ABNF,
   whereby in a systems control protocol using HTTP, this type of error
   recovery could lead to dangerous consequences.

If that's not enough, maybe Roy's sentence above could be inserted before
"Senders MUST NOT..." in the first paragraph ?

Willy
Received on Tuesday, 21 February 2012 06:22:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT