W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

#41: Header Block field name length

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 26 Feb 2013 10:31:06 +1100
Cc: Martin Dürst <duerst@it.aoyama.ac.jp>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>
Message-Id: <EFA9E740-A248-40C4-806F-B4F5B905D037@mnot.net>
To: James M Snell <jasnell@gmail.com>
Yeah, personally I'd agree that 32 bits is a bit much...
   http://http2.github.com/http2-spec/#HeaderBlock

Say, 8 bits?

(opening as <https://github.com/http2/http2-spec/issues/41>)



On 26/02/2013, at 10:26 AM, James M Snell <jasnell@gmail.com> wrote:

> Sigh.. ok, how about the part about limiting header field name length
> to <= 0xFF?
> 
> On Mon, Feb 25, 2013 at 3:02 PM, Mark Nottingham <mnot@mnot.net> wrote:
>> I'd be really, really wary of this. They may not be standard or common, but I've seen many headers that exercise the stranger characters available, and having them break in HTTP/2 would not be good.
>> 
>> Cheers,
>> 
>> 
>> On 26/02/2013, at 2:58 AM, James M Snell <jasnell@gmail.com> wrote:
>> 
>>> Could we get away with redefining this as simply...
>>> 
>>>    "-" / "." / "_"  / DIGIT / ALPHA
>>> 
>>> With an 8-bit length restriction? (That is, length represent by a single unsigned byte)
>>> 
>>> Given all evidence of current practice, these constraints appear quite reasonable.
>>> On Feb 25, 2013 2:36 AM, "Mark Nottingham" <mnot@mnot.net> wrote:
>>> Right now, the syntax is:
>>> 
>>>  header-field   = field-name ":" OWS field-value BWS
>>>  field-name     = token
>>>  token          = 1*tchar
>>>  tchar          = "!" / "#" / "$" / "%" / "&" / "'" / "*"
>>>                    / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
>>>                    / DIGIT / ALPHA ; any VCHAR, except special
>>> 
>>> 
>>> 
>>> On 25/02/2013, at 7:57 PM, Martin J. Dürst <duerst@it.aoyama.ac.jp> wrote:
>>> 
>>>> Hello Roberto,
>>>> 
>>>> What do you mean with "header key"? Do you mean header field names? E.g. the "Host" in the host header (field), and so on?
>>>> 
>>>> In that case, I agree. Please note that [RFC5322] allows all US-ASCII printable characters except ":" in optional header field names (Section 3.6.8). I had to learn this (and the "header field", "header field name",... terminology) while working on RFC 6068.
>>>> 
>>>> I'm not sure this also applies to HTTP, but it may as well do so. Of course, a header field name like "^$&%*@(!]" really makes no sense at all, but that's a separate issue.
>>>> 
>>>> Regards,   Martin.
>>>> 
>>>> On 2013/02/20 5:45, Roberto Peon wrote:
>>>>> Right now I believe we allow a wider encoding for HTTP keys than is
>>>>> necessary.
>>>>> 
>>>>> Does anyone know of any non-crazy use for character values>  127 in the
>>>>> header keys (because I really can't think of any)?
>>>>> 
>>>>> -=R
>>>>> 
>>>> 
>>> 
>>> --
>>> Mark Nottingham   http://www.mnot.net/
>>> 
>>> 
>>> 
>>> 
>> 
>> --
>> Mark Nottingham   http://www.mnot.net/
>> 
>> 
>> 

--
Mark Nottingham   http://www.mnot.net/
Received on Monday, 25 February 2013 23:31:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 25 February 2013 23:31:38 GMT