W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: draft-ietf-httpbis-header-structure-00 for general structured data

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sat, 24 Dec 2016 07:43:17 +0000
To: Amos Jeffries <squid3@treenet.co.nz>
cc: ietf-http-wg@w3.org
Message-ID: <58748.1482565397@critter.freebsd.dk>
In message <8f17660e-449f-7c4e-31b7-ba8d3f6af944@treenet.co.nz>, Amos Jeffries 

>AFAICS for most of the headers that will benefit from generic syntax
>parsing instead of custom parsers the desirable behavour is to normalize
>foo;o=X;o=y down to just foo;o=y to prevent foo;o=X vs foo;o=y
>interpretation differences by various recipients and nasty values being
>smuggled through middleware.
>If we can avoid having parameter name duplication, that would be a good
>step towards uniform handling of these smuggling protections.

I have deliberately not written that dictionaries cannot have duplication,
but smuggling prevention is a good reason to require that.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Saturday, 24 December 2016 07:43:48 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 24 December 2016 07:43:50 UTC