- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 23 Apr 2013 16:02:22 +1000
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Just wondering if we need to explicitly point out the security considerations around the following:

* Message routing -- it's somewhat common AIUI for intermediaries to only route on the Host header, for performance reasons; i.e., they do not reconstruct the effective request URI (as required by p1 5.5). I know there's a theoretical risk here, but is there a real-world risk that we should point out?

* Message delimitation - the consequences for getting message delimitation wrong (whether it's regarding multiple content-length headers, processing 1xx responses correctly, etc.) are now well-understood. Should we point it out explicitly in SC?

--
Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 23 April 2013 06:02:46 UTC
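
The two ambiguities raised in the message above, as a check an intermediary could run on a request head before routing it. This is an added example, not part of the original message or of any HTTP specification text; `parse_head`, `check_request`, the finding labels and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, target, [(name, value)])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return method, target, headers

def check_request(raw: bytes) -> list:
    """Return findings for routing and delimitation ambiguity in one request."""
    _method, target, headers = parse_head(raw)
    findings = []

    # Routing: with an absolute-form request-target, the effective request URI
    # comes from the target, so a Host-only router and a URI-reconstructing
    # origin can disagree on where the request is going.
    hosts = [v.lower() for k, v in headers if k == "host"]
    if len(hosts) != 1:
        findings.append("host-count")
    elif "://" in target and urlsplit(target).netloc.lower() != hosts[0]:
        findings.append("host-target-mismatch")  # literal compare, no port normalisation

    # Delimitation: every Content-Length value (including comma-joined ones)
    # must be the same decimal number, otherwise two parsers may frame the
    # body differently.
    lengths = set()
    for k, v in headers:
        if k == "content-length":
            lengths.update(part.strip() for part in v.split(","))
    if any(not (n.isascii() and n.isdigit()) for n in lengths):
        findings.append("invalid-content-length")
    elif len(lengths) > 1:
        findings.append("conflicting-content-length")
    return findings

# Constructed sample requests (not taken from the message above).
CLEAN = b"GET /a HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SPLIT_ROUTE = b"GET http://internal.example/a HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TWO_LENGTHS = (b"POST /a HTTP/1.1\r\nHost: www.example.com\r\n"
               b"Content-Length: 5\r\nContent-Length: 50\r\n\r\nhello")
```

A request with any finding is one where two implementations on the same path can legitimately disagree, so rejecting it at the first hop is the conservative choice.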