W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: draft-montenegro-httpbis-uri-encoding

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 22 Mar 2014 08:47:08 +0100
Message-ID: <532D3FFC.7060907@gmx.de>
To: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, Mark Nottingham <mnot@mnot.net>, Zhong Yu <zhong.j.yu@gmail.com>, Dave Thaler <dthaler@microsoft.com>, Osama Mazahir <OSAMAM@microsoft.com>, Matthew Cox <macox@microsoft.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 2014-03-22 08:27, Julian Reschke wrote:
> On 2014-03-22 06:40, Gabriel Montenegro wrote:
>> ...
>>> From Julian:
>>     Practically, how is a UA supposed to *know* the encoding that was
>> used for the URI *unless' it constructed it itself? (Which is not what
>> browsers do; they only construct the query part).
>> If you don't know for sure, then don't use the header. But if you know
>> for sure, it's useful to indicate this fact by using the headers to
>> tighten parsing at the other side. Notice that a malicious agent would
>> have incentive to *not* use the header so as to continue exploiting
>> the legacy situation. Using the header imposes constraints that make
>> it harder to exploit the current situation of non-determinism.
> I have the impression that some of the confusion is caused by different
> people making different claims about what recipients will do with the
> server. My understanding was that Nicolas sees this as a signal that

Sorry. s/server/header field/

> ....

Best regards, Julian
Received on Saturday, 22 March 2014 07:47:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:25 UTC