Re: Working Group Last Call: draft-ietf-httpbis-content-disp-02

Adam Barth wrote:
> As far as I can tell, your entire message is beating up on a strawman.
>  I haven't proposed any of the things you're shooting down.

I'm shooting down the notion of standardizing nonconformant syntax,
which isn't a strawman if it's exactly what you proposed:

> >>
> >> Given that browsers are going to interpret nonconformant syntax,
> >> I'd rather live in a world in which they all did it the same way.
> >>  That world is more predictable, which is better for security, and
> >> easier for new entrants to the market because those new entrants
> >> don't need to reverse engineer existing implementations.  Fewer
> >> barriers to entry means more competition, which means users get a
> >> better browser product.
> >>

Because your rationales are strawmen -- you can't prove a negative,
i.e. state that any interpretation of nonconformant syntax is more
secure than ignoring it; or that in order to be competitive, browsers
must interpret nonconformant syntax.  It seems to me that it would be a
lower barrier of entry to only interpret conformant syntax, and that
the reduced complexity would result in a better product.  That's just
dueling opinions; you have failed to provide a technical argument in
support of standardizing how nonconformant syntax is to be parsed.


Received on Sunday, 3 October 2010 00:44:57 UTC