- From: Erik Nygren <erik+ietf@nygren.org>
- Date: Tue, 16 Mar 2021 12:04:23 -0400
- To: Ben Schwartz <bemasc@google.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAKC-DJj7ikuyobGUFiwuqPHByTG_0T_vd8opoofjB7=hOSxRrg@mail.gmail.com>
I also added it to my (growing) list of topics for 7838bis. There's starting to be enough for 7838bis that we may want to fold it in there rather than have a stand-alone draft. I'm interested in helping pull together 7838bis in the next few months if others are interested, but have a number of other things I need to work through first. Best, Erik On Tue, Mar 16, 2021 at 11:59 AM Ben Schwartz <bemasc@google.com> wrote: > I think this is probably worthwhile if there's some nontrivially deployed > parser with this bug. Otherwise, it doesn't seem necessary. > > On Tue, Mar 16, 2021 at 3:42 AM Julian Reschke <julian.reschke@gmx.de> > wrote: > >> Am 16.03.2021 um 01:47 schrieb Lucas Pardue: >> > Hello HTTP WG, >> > >> > Anthony and I found a little Alt-Svc "what if" case where some naive >> > parsing code might stumble when trying to process keyword "clear" or an >> > ALPN protocol ID of "clear". The ALPN space is large enough that the >> >> Not "naive", but really broken, right? >> >> > chances are small, but we wrote a little I-D (forwarded) that would >> > reserve the sequence so that nobody might do this unwittingly. >> > >> > Thoughts? >> > >> > Maybe the odds of actual problems are so small that doing nothing is ok. >> > Or maybe this is a potential improvement to bank for some type of RFC >> > 7838bis. Either way, the problem seems well-formed enough to document in >> > order to gather feedback or criticism :) >> > ... >> >> If we did a 7838bis, we *could* add a warning that using a broken parser >> is bad. The problem is that people who actually read the spec whould >> probably know this already. >> >> Best regards, Julian >> >>
Received on Tuesday, 16 March 2021 16:04:47 UTC