W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Header Parsing Profile

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 29 Jul 2014 23:34:28 +1200
Message-ID: <53D786C4.1030805@treenet.co.nz>
To: ietf-http-wg@w3.org
On 29/07/2014 7:19 p.m., Willy Tarreau wrote:
> On Tue, Jul 29, 2014 at 04:54:46PM +1000, Mark Nottingham wrote:
>> In Toronto, we briefly discussed an idea that came up earlier on the list --
>> creating a specification for error handling when parsing HTTP headers. 
>>
>> This would be an optional profile; implementations or applications that
>> choose to use it can do so, but its use would not be mandated.
> 
> I think it can make the general culture more aware of header formats.
> Most of the ugliness we see in field comes from people who think they
> know so they don't need to check specs, and making more people aware
> of general principles around header parsing could actually improve
> this situation.
> 
>> There seemed to be support and interest in work in this area. However, we
>> need to gather more information, I think. 
>>
>> So, I've started a wiki page to gather possible areas of work here:
>>   https://github.com/httpwg/http-extensions/wiki/HeaderParsing
>>
>> Please contribute.
> 
> I hope to find some time to contribute as I think it's useful and needed.

Ditto.


IMHO, this effort could grow into a security profile for HTTP parsers.
Meeting our charter requirement for improving security.

Amos
Received on Tuesday, 29 July 2014 11:35:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 September 2019 17:48:20 UTC