- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 05 Aug 2012 16:39:46 +0000
- To: Phillip Hallam-Baker <hallam@gmail.com>
- cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
In message <CAMm+Lwj_MqNJRkXLVUbwCZdqFru_GwFs9Pe8AB+jYSQNO8jy=g@mail.gmail.com> , Phillip Hallam-Baker writes: >On Sun, Aug 5, 2012 at 8:31 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: >> But opens you up to DoS attacks along the lines of: >> >> GET /ABCDEF.html >> GET /%41BCDEF.html >> GET /A%42CDEF.html >> ... > >Those are actually the same URL. Just different encodings. That's exactly the point. Intermediaries need to decode URI and therefore the question of ASCII vs. UTF8 performance is relevant. But as I said earlier: I'm not sure if the advantage goes to ASCII with the need for further encoding, or to UTF8 with no further encoding needed. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 5 August 2012 16:40:12 UTC