- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Tue, 29 Jul 2014 23:34:28 +1200
- To: ietf-http-wg@w3.org
On 29/07/2014 7:19 p.m., Willy Tarreau wrote: > On Tue, Jul 29, 2014 at 04:54:46PM +1000, Mark Nottingham wrote: >> In Toronto, we briefly discussed an idea that came up earlier on the list -- >> creating a specification for error handling when parsing HTTP headers. >> >> This would be an optional profile; implementations or applications that >> choose to use it can do so, but its use would not be mandated. > > I think it can make the general culture more aware of header formats. > Most of the ugliness we see in field comes from people who think they > know so they don't need to check specs, and making more people aware > of general principles around header parsing could actually improve > this situation. > >> There seemed to be support and interest in work in this area. However, we >> need to gather more information, I think. >> >> So, I've started a wiki page to gather possible areas of work here: >> https://github.com/httpwg/http-extensions/wiki/HeaderParsing >> >> Please contribute. > > I hope to find some time to contribute as I think it's useful and needed. Ditto. IMHO, this effort could grow into a security profile for HTTP parsers. Meeting our charter requirement for improving security. Amos
Received on Tuesday, 29 July 2014 11:35:01 UTC