- From: Brian Smith <brian@briansmith.org>
- Date: Tue, 19 May 2009 09:31:27 -0500
- To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Jamie Lokier wrote: > Julian Reschke wrote: > > * HTTP/1.1 clients and caches SHOULD assume that an RFC-850 date > > which appears to be more than 50 years in the future is in fact in > > the past (this helps solve the "year 2000" problem). > > > > 50 years from when? Does the semantics of the message depend on > > when you look at it? I think the algorithm is: * If the Date header field isn't present, synthesize a Date header from the current time as you usually would. * Add the century from the Date header to the two-digit year. * If the resultant year is 50 years or more in the future (relative to the Date header), keep subtracting 100 from it until it appears to be in the past (subtracting 100 once will be sufficient if the Date header isn't invalidly far in the future). I don't know why only "clients and caches" should do this and not origin servers. That doesn't make sense to me. > ... Unless there is some attack on HTTP possible by taking advantage > of a message's time being interpreted differently on different agents > that it passes through. Proxies don't rewrite the date header into > standard form - do they? They are required to rewrite dates into rfc1123 format, because they are forbidden from sending dates in the obsolete formats. My implementations do not do that, but I don't know about others. - Brian
Received on Tuesday, 19 May 2009 14:32:14 UTC