- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 1 Jul 2014 08:59:03 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Mark Nottingham <mnot@mnot.net>, Barry Leiba <barryleiba@computer.org>, RFC Errata System <rfc-editor@rfc-editor.org>, Roy Fielding <fielding@gbiv.com>, Pete Resnick <presnick@qti.qualcomm.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Jul 1, 2014 at 8:45 AM, Julian Reschke <julian.reschke@gmx.de> wrote: > True, but what would be a bigger concern is the case where draconic error > handling results in a *loss* of security (and that's not the case here, > right?). I could imagine this being the cause of a crucial subresource not working. Cannot immediately think of an attack though. > It would be awesome if the people working on Servo would have a look at > <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HeaderFieldTypes> and try > to come up with some kind of library that makes it easier to create parsers > for the notoriously hard to parse yet similar header fields (C-C, WWW-A, > C-D, C-T ...) It would be, but what we should be aiming for is not requiring additional work as launching a new client is already very costly. -- http://annevankesteren.nl/
Received on Tuesday, 1 July 2014 06:59:30 UTC