W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: [Technical Errata Reported] RFC7231 (4031)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 1 Jul 2014 08:59:03 +0200
Message-ID: <CADnb78gyQE_UO=is9FSwNwOvKp-LjMNZgxc_kbUd=aQYyV_ntg@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, Barry Leiba <barryleiba@computer.org>, RFC Errata System <rfc-editor@rfc-editor.org>, Roy Fielding <fielding@gbiv.com>, Pete Resnick <presnick@qti.qualcomm.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Jul 1, 2014 at 8:45 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> True, but what would be a bigger concern is the case where draconic error
> handling results in a *loss* of security (and that's not the case here,
> right?).

I could imagine this being the cause of a crucial subresource not
working. Cannot immediately think of an attack though.


> It would be awesome if the people working on Servo would have a look at
> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HeaderFieldTypes> and try
> to come up with some kind of library that makes it easier to create parsers
> for the notoriously hard to parse yet similar header fields (C-C, WWW-A,
> C-D, C-T ...)

It would be, but what we should be aiming for is not requiring
additional work as launching a new client is already very costly.


-- 
http://annevankesteren.nl/
Received on Tuesday, 1 July 2014 06:59:30 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:08 UTC