W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: Issues addressed in the -10 and -11 drafts

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 14 Sep 2010 12:02:26 +0200
Message-ID: <4C8F4832.80906@gmx.de>
To: Willy Tarreau <w@1wt.eu>
CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 14.09.2010 07:50, Willy Tarreau wrote:
> ...
>> I think there are two concerns here:
>>    1) making the spec more complex
>>    2) making code implementing the spec more complex
>> Is it going to cause your implementation problems to refuse messages with two matching content-length headers?
> No, it's even easier, I can remove a test in the code ! But I
> suspect that I'll have to relax the check again in a few months
> to a few years because of the effect mentionned above. Maybe we
> could add a single sentence at the end of point 3 of 3.3 :
>   "An implementation MAY accept exact duplicates of valid Content-Length
>    header fields as a single one, though this practice is discouraged".

We currently have:

"If a message is received without Transfer-Encoding and with either 
multiple Content-Length header fields or a single Content-Length header 
field with an invalid value, then the message framing is invalid and 
MUST be treated as an error to prevent request or response smuggling."

We can't have a MAY relax a MUST; that makes it a "SHOULD".

We could relax this edge case from MUST to SHOULD, but it would 
complicate the spec a lot, and I'm not convinced it's really needed.

It would be great to have more data on this.

 > ...

Best regards, Julian
Received on Tuesday, 14 September 2010 10:03:01 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:23 UTC