- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 9 Mar 2011 14:32:35 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On Mar 9, 2011, at 2:21 PM, Julian Reschke wrote:

> On 09.03.2011 19:04, Mark Nottingham wrote:
>> I've scheduled this for -13.
>>
>> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/95#comment:20>
>>
>>
>> On 20/02/2011, at 11:12 PM, Mark Nottingham wrote:
>>
>>> So, I propose:
>>>
>>> * adding text that allows duplicates explicitly, and
>>>
>>> * upgrading the SHOULD to a MUST in this requirement:
>>>
>>> If this is a response message received by a user-agent, it SHOULD be treated
>>> as an error by discarding the message and closing the connection.
>
> ...clarifying: you say "adding text that allows duplicates explicitly"... that could be read to REQUIRE recipients to accept those duplicates -- are we really going to declare recipients that do not do that to be non-compliant?

We need to require that they process received duplicates in the same way as all other recipients in order to avoid response smuggling.

> If we do, we *probably* need to adjust the header field ABNF (because "x, x" doesn't parse), which I'd rather do not...

No, we still require that duplicates not be sent. The ABNF only defines valid messages. This new requirement is for exception handling in the case of an invalid received message.

....Roy

Received on Wednesday, 9 March 2011 22:33:03 UTC
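
The recipient-side rule discussed in this message, sketched as an added example that is not part of the original e-mail or of any HTTPbis draft text: identical duplicates are collapsed the same way whether they arrive as repeated header lines or as an "x, x" list, and anything else is treated as invalid framing (discard the message, close the connection). It assumes the duplicated field is `Content-Length`, which the message does not name; the function names and sample header lines are constructed for illustration.

```python
# Added example: recipient-side handling of a repeated length field.
# Assumption: the duplicated field is Content-Length; the message does not name it.

class FramingError(Exception):
    """Invalid framing: discard the message and close the connection."""


def resolve_content_length(header_lines):
    """Return the single agreed length, or None if the field is absent.

    Accepts identical duplicates, whether sent as repeated header lines or
    as one comma-separated value ("x, x"); raises FramingError otherwise.
    """
    values = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "content-length":
            continue
        # A repeated field and a comma-joined field are treated identically,
        # so every hop that applies this rule sees the same body boundary.
        values.extend(v.strip() for v in value.split(","))
    if not values:
        return None
    for v in values:
        # Digits only: no sign, no inner whitespace, no empty list member.
        if not (v.isascii() and v.isdigit()):
            raise FramingError(f"invalid length value {v!r}")
    # Compare numerically so "42" and "042" count as the same length.
    lengths = {int(v) for v in values}
    if len(lengths) != 1:
        raise FramingError(f"conflicting lengths {sorted(lengths)}")
    return lengths.pop()


def handle_response(header_lines):
    """Return ("ok", length) or ("close", reason) for a received response."""
    try:
        return ("ok", resolve_content_length(header_lines))
    except FramingError as exc:
        return ("close", str(exc))


# Constructed sample header blocks (not captured traffic).
SAME = ["Content-Type: text/plain", "Content-Length: 42", "Content-Length: 42"]
LIST = ["Content-Length: 42, 42"]
DIFF = ["Content-Length: 42", "Content-Length: 7"]
```

Because both duplicate forms resolve to one value or to a hard failure, two recipients applying this rule cannot disagree about where the response body ends.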