Re: [Technical Errata Reported] RFC9112 (7214) from Mark Nottingham on 2022-10-31 (ietf-http-wg@w3.org from October to December 2022)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 31 Oct 2022 11:44:16 +0000
To: Willy Tarreau <w@1wt.eu>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Roy Fielding <fielding@gbiv.com>, "Julian F. Reschke" <julian.reschke@greenbytes.de>, superuser@gmail.com, francesca.palombini@ericsson.com, tpauly@apple.com, niklas.wolber-rfc@octopost.eu, ietf-http-wg@w3.org
Message-Id: <532F73C3-4780-42C6-B1D6-7E995192C598@mnot.net>

5234 2.3 says:

   ABNF strings are case insensitive and the character set for these strings is US-ASCII.

HEXDIG is defined as an alternation between strings. This errata should be rejected.

Cheers,


> On 31 Oct 2022, at 11:40 am, Willy Tarreau <w@1wt.eu> wrote:
> 
> On Mon, Oct 31, 2022 at 03:50:25AM -0700, RFC Errata System wrote:
>> The following errata report has been submitted for RFC9112,
>> "HTTP/1.1".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7214
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Niklas Wolber <niklas.wolber-rfc@octopost.eu>
>> 
>> Section: 1.2
>> 
>> Original Text
>> -------------
>> The following core rules are included by reference, as defined in
>> [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
>> (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
>> HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line
>> feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR (any
>> visible [USASCII] character).
>> 
>> Corrected Text
>> --------------
>> The following core rules are included by reference, as defined in
>> [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
>> (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
>> HEXDIG (hexadecimal 0-9/A-F), HTAB (horizontal tab), LF (line
>> feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR (any
>> visible [USASCII] character).
>> 
>> Notes
>> -----
>> Rule HEXDIG from RFC5234 is 
>> HEXDIG =  DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
>> excluding lower-case letters.
> 
> That's concerning, because HEXDIG is only used to define chunk-size, and
> since chunk-size was introduced, it has always supported lower-case. This
> same definition was already present in 7230, which explicitly mentioned
> the lower-case chars as well.
> 
> The proposed change is not acceptable as we cannot forbid lower-case hex
> digits in chunk sizes 25 years after they've been widely used, so the
> alternative might be to stop relying on HEXDIG for chunk sizes and fall
> back to a local "HEX" definition like 2616 did.
> 
> Just my two cents,
> Willy

--
Mark Nottingham   https://www.mnot.net/

Received on Monday, 31 October 2022 11:45:09 UTC