Re: [Technical Errata Reported] RFC7231 (4031)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 01 Jul 2014 08:45:48 +0200
Message-ID: <53B2591C.7010705@gmx.de>
To: Anne van Kesteren <annevk@annevk.nl>, Mark Nottingham <mnot@mnot.net>
CC: Barry Leiba <barryleiba@computer.org>, RFC Errata System <rfc-editor@rfc-editor.org>, Roy Fielding <fielding@gbiv.com>, Pete Resnick <presnick@qti.qualcomm.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 2014-07-01 08:09, Anne van Kesteren wrote:
> On Tue, Jul 1, 2014 at 5:20 AM, Mark Nottingham <mnot@mnot.net> wrote:
>> Anne, is there security impact here?
>
> Rendering
>
>    Content-Type:text/html;
>
> vs showing some kind of error is one of the issues here.

True, but what would be a bigger concern is the case where draconic 
error handling results in a *loss* of security (and that's not the case 
here, right?).

>> I could see us starting work on a "Tolerant HTTP Header Field Parsing" spec if there's sufficient interest; it's a pretty thankless task, but personally I think it'd be worthwhile, and would contribute. We can spend a few minutes in Toronto on this if anyone else is interested...
>
> Exhaustive parsing rules for HTTP clients would be good. Having them
> differ is a big end user transition problem and can slow development
> on new clients, such as Servo.

It would be awesome if the people working on Servo would have a look at 
<http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HeaderFieldTypes> and 
try to come up with some kind of library that makes it easier to create 
parsers for the notoriously hard to parse yet similar header fields 
(C-C, WWW-A, C-D, C-T ...)

Best regards, Julian
Received on Tuesday, 1 July 2014 06:46:30 UTC
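
The strict-versus-tolerant difference discussed in this message, as an added example that is not part of the original e-mail or of any project it mentions: a Content-Type value parser that either enforces the RFC 7231 media-type grammar or, in a tolerant mode assumed for illustration, skips empty parameters such as the trailing ";" in `text/html;`. The function name, the tolerant policy and the first-occurrence-wins rule for duplicate parameters are assumptions.

```python
import re

# Grammar from RFC 7231 section 3.1.1.1; quoted-string is simplified here.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
TYPE = re.compile(rf"({TOKEN})/({TOKEN})")
SEP = re.compile(r"[ \t]*;[ \t]*")              # OWS ";" OWS
PARAM = re.compile(rf"({TOKEN})=({TOKEN}|{QUOTED})")


def parse_media_type(value, tolerant=False):
    """Parse a Content-Type field value into (type/subtype, params).

    Strict mode accepts only the RFC 7231 media-type grammar. Tolerant mode
    (a policy assumed for this example) additionally skips empty parameters,
    such as the trailing ";" in "text/html;". Raises ValueError otherwise.
    """
    value = value.strip(" \t")
    m = TYPE.match(value)
    if not m:
        raise ValueError("missing type/subtype")
    essence = f"{m.group(1)}/{m.group(2)}".lower()
    params, pos = {}, m.end()
    while pos < len(value):
        sep = SEP.match(value, pos)
        if not sep:
            raise ValueError(f"unexpected data at offset {pos}")
        pos = sep.end()
        p = PARAM.match(value, pos)
        if p:
            name, raw = p.group(1).lower(), p.group(2)
            if raw.startswith('"'):
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # unescape quoted-pair
            params.setdefault(name, raw)  # first occurrence wins (assumption)
            pos = p.end()
        elif tolerant and (pos == len(value) or value[pos] == ";"):
            continue  # empty parameter: ignored only in tolerant mode
        else:
            raise ValueError(f"malformed parameter at offset {pos}")
    return essence, params
```

Components on the same response path that disagree on the mode will disagree on whether the body is HTML, so the mode should be chosen once and applied consistently.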