- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 21 Feb 2012 07:21:28 +0100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Julian Reschke <julian.reschke@gmx.de>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
On Tue, Feb 21, 2012 at 05:15:25PM +1100, Mark Nottingham wrote: > > On 21/02/2012, at 4:46 PM, Roy T. Fielding wrote: > > > The ABNF defines what is valid to send, not what is robust to parse. > > I know we flirt with this in a few places, but it would be nice to come out and say so explicitly somewhere. In fact I think it's already stated in p1-1.1 : This document also uses ABNF to define valid protocol elements (Section 1.2). In addition to the prose requirements placed upon them, Senders MUST NOT generate protocol elements that are invalid. Unless noted otherwise, Recipients MAY take steps to recover a usable protocol element from an invalid construct. However, HTTP does not define specific error handling mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require different error handling strategies; for example, a Web browser may wish to transparently recover from a response where the Location header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type of error recovery could lead to dangerous consequences. If that's not enough, maybe Roy's sentence above could be inserted before "Senders MUST NOT..." in the first paragraph ? Willy
Received on Tuesday, 21 February 2012 06:22:29 UTC