- From: Ben Schwartz <bemasc@google.com>
- Date: Tue, 16 Mar 2021 11:55:39 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAHbrMsB11mLrDzgcTQschWN_CKLTOp+1vqDui7N3-pZTBoS3NA@mail.gmail.com>
I think this is probably worthwhile if there's some nontrivially deployed parser with this bug. Otherwise, it doesn't seem necessary. On Tue, Mar 16, 2021 at 3:42 AM Julian Reschke <julian.reschke@gmx.de> wrote: > Am 16.03.2021 um 01:47 schrieb Lucas Pardue: > > Hello HTTP WG, > > > > Anthony and I found a little Alt-Svc "what if" case where some naive > > parsing code might stumble when trying to process keyword "clear" or an > > ALPN protocol ID of "clear". The ALPN space is large enough that the > > Not "naive", but really broken, right? > > > chances are small, but we wrote a little I-D (forwarded) that would > > reserve the sequence so that nobody might do this unwittingly. > > > > Thoughts? > > > > Maybe the odds of actual problems are so small that doing nothing is ok. > > Or maybe this is a potential improvement to bank for some type of RFC > > 7838bis. Either way, the problem seems well-formed enough to document in > > order to gather feedback or criticism :) > > ... > > If we did a 7838bis, we *could* add a warning that using a broken parser > is bad. The problem is that people who actually read the spec whould > probably know this already. > > Best regards, Julian > >
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 16 March 2021 15:56:04 UTC