- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 05 Sep 2014 02:28:20 +1200
- To: ietf-http-wg@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/09/2014 1:23 a.m., Willy Tarreau wrote: > On Thu, Sep 04, 2014 at 03:18:56PM +0200, Julian Reschke wrote: >> On 2014-09-04 14:07, Mark Nottingham wrote: >>> >>> On 4 Sep 2014, at 3:02 pm, Poul-Henning Kamp >>> <phk@phk.freebsd.dk> wrote: >>> >>>> But I havn't seen *anybody* say that need to be able to put >>>> NUL, STX or ANSI-escape sequences in HTTTP headers, so I >>>> don't understand why can't we outlaw them in HTTP/2.0, even >>>> if we don't settle the ASCII/UTF-8 question yet ? >>>> >>>> IMO nothing *in* the headers should contain 0x00-0x1f or >>>> 0x7f. >>>> >>>> What makes that decision impossible ? >>> >>> Didn?t say it was. What do people think? >> >> They are disallowed in HTTP/1.1 (MUST NOT send...), so I think it >> would be good to disallow them in HTTP/2 (hard fail?) as well. > > +1 +1 Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUCHcEAAoJELJo5wb/XPRjrisIAMY0VAkPqKTvWOHXdm9zIUfQ YKDiCR+H1tr3RIMP6q9HaRvz965NS6mB1t3wggzeYKKsapAclG4cOH5gqxgU270T eBpfFUaU2asmYxoDQcc+PhonH5m5m3r3eeVGW6wTe/KixPESqRCb+TzvixbSxdWp padm7S+kFvrj8H4m6CSlOWuhLU0FsAmS9CJBnTeSAmOXCvuNHfoGKsre1qEAlrqf X503HYbg75FmjHX21FMQf7kbBSg3gcDNfG8FYNOHGYaTzptTtD2TGwW7sh8VEAzN MENWZW2XkHbILPX0kg4NEef61RBPo4aiff+nupy+krt+J8hp8z4vi6GlST+q5CM= =9ZX6 -----END PGP SIGNATURE-----
Received on Thursday, 4 September 2014 14:28:56 UTC