- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 29 Nov 2011 07:43:43 +0100
- To: Dmitry Kurochkin <dmitry.kurochkin@measurement-factory.com>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org

Hi Dmitry,

On Tue, Nov 29, 2011 at 10:35:18AM +0400, Dmitry Kurochkin wrote:
(...)
> > The smuggling risk only rises where conflicting or incorrect values are
> > sent, which is the case described in item #3.
> >
>
> Indeed. So even if proxy does not remove the duplicate CL values, it
> still must correctly determine the message length per item #4 because
> item #3 does not apply here. In this case, "prior to determining the
> message-body length" part in the paragraph 4 seems unneeded.

I think the "prior to determining..." part comes from a general handling
of multiple headers. For numerical values, it is not a problem. However
some headers will have a different meaning when folded. For instance, an
Expires header that would be split between the day of week and the rest
could be valid only once folded:

    Expires: Tue
    Expires: 29 Nov 2011 06:40:52 GMT

vs

    Expires: Tue, 29 Nov 2011 06:40:52 GMT

In my opinion, having such guidelines in the spec is better than leaving
it to the implementer to guess them. For those who're unsure, they'll
write more reliable code. If you know what you're doing and are able to
guess that in your case the "prior to" is unneeded, then that's fine.

Regards,
Willy

Received on Tuesday, 29 November 2011 06:44:26 UTC
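
The ordering discussed in the message above, as an added example that is not part of the original mail: repeated header fields are combined first, and only then is Content-Length checked, with identical duplicates collapsed and conflicting values rejected. The names `combine_fields`, `content_length` and `FramingError` are hypothetical, the sample headers are constructed, and comparing the raw value strings is an assumption of this sketch.

```python
# Added illustration, not code from the thread. The names combine_fields,
# content_length and FramingError are hypothetical.

class FramingError(ValueError):
    """Content-Length values that conflict or are not plain decimal numbers."""


def combine_fields(headers):
    """Merge repeated fields into one value per name, in the order received."""
    combined = {}
    for name, value in headers:
        key, value = name.strip().lower(), value.strip()
        combined[key] = f"{combined[key]}, {value}" if key in combined else value
    return combined


def content_length(headers):
    """Return the one agreed Content-Length, or None when the field is absent."""
    combined = combine_fields(headers)          # combine first, decide length after
    if "content-length" not in combined:
        return None
    values = [v.strip() for v in combined["content-length"].split(",")]
    for v in values:
        if not (v.isascii() and v.isdigit()):   # rejects "", "+5", "-1", "0x10"
            raise FramingError(f"invalid Content-Length value: {v!r}")
    # Assumption: compare the raw strings, so "42" and "042" count as a conflict
    # rather than trusting every hop to parse them the same way.
    if len(set(values)) != 1:
        raise FramingError(f"conflicting Content-Length values: {values}")
    return int(values[0])


# Constructed sample input (not captured traffic).
SPLIT_EXPIRES = [("Expires", "Tue"), ("Expires", "29 Nov 2011 06:40:52 GMT")]
DUPLICATE_CL = [("Content-Length", "42"), ("Content-Length", "42")]
CONFLICTING_CL = [("Content-Length", "42"), ("Content-Length", "0")]

if __name__ == "__main__":
    print(combine_fields(SPLIT_EXPIRES)["expires"])
    print(content_length(DUPLICATE_CL))
    try:
        content_length(CONFLICTING_CL)
    except FramingError as err:
        print("rejected:", err)
```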