Re: [Technical Errata Reported] RFC9112 (7214)

On Mon, Oct 31, 2022 at 03:50:25AM -0700, RFC Errata System wrote:
> The following errata report has been submitted for RFC9112,
> "HTTP/1.1".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7214
> 
> --------------------------------------
> Type: Technical
> Reported by: Niklas Wolber <niklas.wolber-rfc@octopost.eu>
> 
> Section: 1.2
> 
> Original Text
> -------------
> The following core rules are included by reference, as defined in
> [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
> (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
> HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line
> feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR (any
> visible [USASCII] character).
> 
> Corrected Text
> --------------
> The following core rules are included by reference, as defined in
> [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
> (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
> HEXDIG (hexadecimal 0-9/A-F), HTAB (horizontal tab), LF (line
> feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR (any
> visible [USASCII] character).
> 
> Notes
> -----
> Rule HEXDIG from RFC5234 is 
> HEXDIG =  DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
> excluding lower-case letters.

That's concerning, because HEXDIG is only used to define chunk-size, and
since chunk-size was introduced, it has always supported lower-case. This
same definition was already present in 7230, which explicitly mentioned
the lower-case chars as well.

The proposed change is not acceptable as we cannot forbid lower-case hex
digits in chunk sizes 25 years after they've been widely used, so the
alternative might be to stop relying on HEXDIG for chunk sizes and fall
back to a local "HEX" definition like 2616 did.

Just my two cents,
Willy

Received on Monday, 31 October 2022 11:41:10 UTC