- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Sun, 06 Mar 2011 23:31:09 +0100
- To: ietf-http-wg@w3.org
Hi, I ran across https://rt.cpan.org/Public/Bug/Display.html?id=61960 and could not find this in draft-ietf-httpbis-p1-messaging-12.txt. It seems to me the specification should say "chunked" as transfer-extension is only valid if it is the last transfer-coding, otherwise you're likely dealing with some form of attack (unfortunately many mainstream imple- mentations use, say, `strstr` to check for "chunked", so they misbe- have if you do something like `Transfer-Encoding: bogochunked`; that might also be worth a "It is incorrect to..." note). regards, -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Sunday, 6 March 2011 22:31:36 UTC