- From: RFC Errata System <rfc-editor@rfc-editor.org>
- Date: Tue, 7 Nov 2023 02:08:59 -0800 (PST)
- To: squid3@treenet.co.nz, fielding@gbiv.com, mnot@mnot.net, julian.reschke@greenbytes.de
- Cc: francesca.palombini@ericsson.com, iesg@ietf.org, ietf-http-wg@w3.org, rfc-editor@rfc-editor.org
The following errata report has been rejected for RFC9112,
"HTTP/1.1".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7633

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Amos Jeffries <squid3@treenet.co.nz>
Date Reported: 2023-09-06
Rejected by: Francesca Palombini (IESG)

Section: 2.2

Original Text
-------------
Although the line terminator for the start-line and fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.

Corrected Text
--------------
Although the line terminator for the start-line, fields, chunk and last-chunk is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.

Notes
-----
chunked encoding (section 6.3) uses CRLF for line/framing delimiters in the same manner as other HTTP message sections. But these lines are not listed as a possible sites of bare-LF line terminator. Which makes for an unnecessary parser exception and complicates possible request smuggling robustness between implementations.
 --VERIFIER NOTES--
The difference was intentional. A chunked parser is not a start line or field parser (it is a message body parser) and it is supposed to be less forgiving because it does not have to retain backwards compatibility with 1.0 parsers. Hence, bare LF around the chunk sizes would be invalid and should result in the connection being marked as invalid. In any case, suggestions to further hardening of the chunked parser would have to be defined in that section, and would need to be achieved through a consensus document, not in an errata report.

--------------------------------------
RFC9112 (draft-ietf-httpbis-messaging-19)
--------------------------------------
Title               : HTTP/1.1
Publication Date    : June 2022
Author(s)           : R. Fielding, Ed., M. Nottingham, Ed., J. Reschke, Ed.
Category            : INTERNET STANDARD
Source              : HTTP
Area                : Applications and Real-Time
Stream              : IETF
Verifying Party     : IESG
Received on Tuesday, 7 November 2023 10:09:52 UTC
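
An added example, not part of the original message or of RFC 9112: a minimal Python chunked-body decoder that applies the strict reading given in the verifier notes, treating a bare LF (or bare CR) around chunk sizes and chunk data as a framing error so that two hops cannot disagree on where a chunk ends. The names `decode_chunked`, `accepts` and `ChunkFramingError` are constructed for illustration, and skipping trailer fields under the same strict CRLF rule is this example's own choice.

```python
import re

class ChunkFramingError(ValueError):
    """Invalid chunked framing: the caller should mark the connection invalid."""

# chunk-size is 1*HEXDIG, optionally followed by ";" chunk extensions.
_CHUNK_LINE = re.compile(rb"([0-9A-Fa-f]+)(?:[ \t]*;[^\r\n]*)?")

def _read_line(buf: bytes, pos: int):
    """Return (line, next_pos); the line must end in CRLF, never a bare LF."""
    end = buf.find(b"\n", pos)
    if end == -1:
        raise ChunkFramingError("incomplete line")
    if end == pos or buf[end - 1:end] != b"\r":
        raise ChunkFramingError("bare LF in chunked framing")
    line = buf[pos:end - 1]
    if b"\r" in line:
        raise ChunkFramingError("bare CR in chunked framing")
    return line, end + 1

def decode_chunked(buf: bytes) -> bytes:
    """Decode a complete chunked body, rejecting any non-CRLF line ending."""
    body, pos = bytearray(), 0
    while True:
        line, pos = _read_line(buf, pos)
        m = _CHUNK_LINE.fullmatch(line)
        if m is None:
            raise ChunkFramingError("malformed chunk-size line")
        size = int(m.group(1), 16)
        if size == 0:
            break  # last-chunk
        end = pos + size
        if len(buf) < end + 2 or buf[end:end + 2] != b"\r\n":
            raise ChunkFramingError("chunk data not terminated by CRLF")
        body += buf[pos:end]
        pos = end + 2
    # Skip trailer fields up to the empty line (strict CRLF: example's choice).
    while True:
        line, pos = _read_line(buf, pos)
        if line == b"":
            return bytes(body)

def accepts(buf: bytes) -> bool:
    """True if the strict decoder accepts the framing (constructed helper)."""
    try:
        decode_chunked(buf)
        return True
    except ChunkFramingError:
        return False
```

An LF inside chunk data is ordinary payload and is preserved, because data is sliced by the declared chunk size rather than scanned for line endings.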