Re: Comments on HTTP/1.0 Draft 3 from Jean-Philippe Martin-Flatin on 1995-09-20 (ietf-http-wg@w3.org from July to September 1995)

From: Jean-Philippe Martin-Flatin <syj@ecmwf.int>
Date: Wed, 20 Sep 1995 16:50:55 +0100
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9509201650.ZM21721@helena>

[ Forwarded to the http-wg mailing list with the authorization of
  the author Danyel Ceccaldi <dceccald@elaine.crcg.edu> ]


Hi Jean-Philippe,

[cut]

>## 8 ##
What I understood was that a Http/MIME Gateway will be easy to build
in both directions, if you use CRLF and multiple lines through LWS at
the beginning of lines.

So IMHO I would leave the CRLF thing and would say something like:
It is forbidden for a http header creating application to use the
multiple line mechanism of MIME.

And in section "Tolerant applications":
Gateway programs are allowed to use the MIME compatible splitting of
header lines in http.
Clients should be tolerant in receiving splitted header lines.

It's not well written, but I think you got my intention.

And for http/1.1 CRLF should be a MUST.

>## 13 ##
Z39.50

## 15 ##
>servers should apply the robustness principle
Yes.
>should be mandatory for clients
No. Because IMHO the Http URL syntax is well defined and every http request
should be exact. I don't think it's a good idea if
HTTP/1.0 GET http://www.w3.org/
and
HTTP/1.0 GET http://www.w3.org
are the same. (above is a request sent to a proxy)
But this is only a not only rationale. In fact, I don't like the idea.

## 16 ##
## 17 ##
In HTTP/1.1 there should be:
It must generate the first date.

## 23 ##
item for HTTP/1.1 ?
In my opinion, Yes.

## 25 ##
No. I think for things like LINK it should be allowed.
And , again, I'm not sure if it is allowed in MIME headers, but if so,
it should be allowed.
Anyway, if Multible headers causing confusion, the Server should answer
appropiate: I do what I think I should, but I'm confused.
(Robustnesss, Tolerance)

## 29 ##
No. because every time you find reasons to expand the limit.
At least, I can easily imagine a 20k header:
10 links, each about 1000 chars long,
A long public key: 2k
a huge Accept information: 3k
Other huge stuff: 5k
And links can defined by authors in their documents and also by
a machine so you can't be sure, how long that part will be.

## 30 ##
The rest of the reqpestline is also sensitive (at least the url)
But anyway an interesting question.

## 72 ##
No. The reason was, I believe so, that you should be able to be
completely anonymous, which means you don't want to provide the
information if you activated a link from a specific 'hotlist'-page
or from the browser directly. And, if there are no hints for the
exact uri of your private information, it will be difficult to
find, even if it is public accessible.
Anyway you should be able to hide From and Referer for privacy reasons.

[cut]

By
  Danny

Received on Wednesday, 20 September 1995 08:53:43 UTC