- From: James M Snell <jasnell@gmail.com>
- Date: Tue, 20 Aug 2013 19:50:58 -0700
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Tue, Aug 20, 2013 at 6:06 PM, Roy T. Fielding <fielding@gbiv.com> wrote: >>[snip] >> UPPER = %x41-5A >> method = UPPER *20( UPPER / "_" / "-" ) > > No. The specification already explains why that isn't desirable > for gateways, and it actually makes the security properties > of applications worse if they think they can rely on the ABNF > to limit received syntax lengths. > Well, I'm familiar with the passage in the current spec that deals with request line length, but not any discussion of request line lengths and what's desirable for gateways. I may have missed it, have a pointer? Regardless, I was talking primarily about requirements for new methods and defining a subset that is a closer reflection of what implementations do. If it makes it better, however, I'm fine with dropping the *20 part... just make it: UPPER = %x41-5A method = UPPER *( UPPER / "_" / "-" ) how's that? - James > ....Roy >
Received on Wednesday, 21 August 2013 02:51:45 UTC