- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 22 Mar 2014 08:47:08 +0100
- To: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, Mark Nottingham <mnot@mnot.net>, Zhong Yu <zhong.j.yu@gmail.com>, Dave Thaler <dthaler@microsoft.com>, Osama Mazahir <OSAMAM@microsoft.com>, Matthew Cox <macox@microsoft.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 2014-03-22 08:27, Julian Reschke wrote:
> On 2014-03-22 06:40, Gabriel Montenegro wrote:
>> ...
>>> From Julian:
>>
>> Practically, how is a UA supposed to *know* the encoding that was
>> used for the URI *unless* it constructed it itself? (Which is not what
>> browsers do; they only construct the query part).
>>
>> If you don't know for sure, then don't use the header. But if you know
>> for sure, it's useful to indicate this fact by using the headers to
>> tighten parsing at the other side. Notice that a malicious agent would
>> have incentive to *not* use the header so as to continue exploiting
>> the legacy situation. Using the header imposes constraints that make
>> it harder to exploit the current situation of non-determinism.
>
> I have the impression that some of the confusion is caused by different
> people making different claims about what recipients will do with the
> server. My understanding was that Nicolas sees this as a signal that

Sorry. s/server/header field/

> ....

Best regards, Julian
Received on Saturday, 22 March 2014 07:47:44 UTC