Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?
Alex Rousskov <rousskov@measurement-factory.com> Wed, 15 February 2017 05:41 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 988AE1299E5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Feb 2017 21:41:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cUCyxPbQfwUM for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Feb 2017 21:41:57 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC5981299DF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 14 Feb 2017 21:41:56 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cdsIa-0004w6-4i for ietf-http-wg-dist@listhub.w3.org; Wed, 15 Feb 2017 05:38:40 +0000
Resent-Date: Wed, 15 Feb 2017 05:38:40 +0000
Resent-Message-Id: <E1cdsIa-0004w6-4i@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <rousskov@measurement-factory.com>) id 1cdsIS-0004sZ-64 for ietf-http-wg@listhub.w3.org; Wed, 15 Feb 2017 05:38:32 +0000
Received: from mail.measurement-factory.com ([104.237.131.42]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <rousskov@measurement-factory.com>) id 1cdsIL-0001Ix-A6 for ietf-http-wg@w3.org; Wed, 15 Feb 2017 05:38:26 +0000
Received: from [65.102.233.169] (unknown [65.102.233.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.measurement-factory.com (Postfix) with ESMTPSA id DA673E037; Wed, 15 Feb 2017 05:38:02 +0000 (UTC)
To: Adrien de Croy <adrien@qbik.com>
References: <emdcb96fc0-0d2f-436c-9f1f-05beffe7593e@bodybag> <e01c4945-1116-d258-7004-ea917843bf3d@ninenines.eu> <ema747b801-6dcc-4b2d-ac95-9a027e10c0b4@bodybag> <7874c62b-c6a0-5d84-8115-20016b45118a@measurement-factory.com> <em541e3407-4e99-468e-a1e7-85a7bf074bdd@bodybag> <874938e6-2153-e02a-ab0e-814f468c58f8@measurement-factory.com> <em95b13204-3a33-4bd5-81d2-791e809b9cd2@bodybag> <0f12628c-ab62-22c2-2cf3-e4b456072597@measurement-factory.com> <emdcdebbb8-1ff5-4139-b8f2-409fe94eb6e8@bodybag> <CACweHNBTqcjw=Qdu1mWTeosUMYt0B86xnH8VJoQBYvVMFmCQaw@mail.gmail.com> <eme1e3b988-5c11-4cc3-a930-bca665adceaf@bodybag>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
From: Alex Rousskov <rousskov@measurement-factory.com>
Message-ID: <f9d35d5c-130f-0729-d83a-b2d9cee98dd4@measurement-factory.com>
Date: Tue, 14 Feb 2017 22:38:02 -0700
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <eme1e3b988-5c11-4cc3-a930-bca665adceaf@bodybag>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=104.237.131.42; envelope-from=rousskov@measurement-factory.com; helo=mail.measurement-factory.com
X-W3C-Hub-Spam-Status: No, score=-4.5
X-W3C-Hub-Spam-Report: AWL=-0.571, BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1cdsIL-0001Ix-A6 8fe0c80093771f30128c4a119ca7cfbc
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?
Archived-At: <http://www.w3.org/mid/f9d35d5c-130f-0729-d83a-b2d9cee98dd4@measurement-factory.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33519
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 02/14/2017 06:45 PM, Adrien de Croy wrote: > If we turn it around, under what circumstances could we consider that > > a user-agent emitting a request message which includes a Content-Length > header whose value is greater than the number of bytes it then transmits > after the headers > Is not an error condition, Never. That is, it is always an error condition. > or that the message should be processed as if it were complete? When the receiving agent is configured to work around certain well-known error conditions (because the decision makers have decided that rejecting the request under those conditions will make things worse for them). FWIW, I do not recall any such conditions on the request receiving side in Squid (other than those already documented as tolerable in the HTTP specs), but there are some framing-related hacks on the response receiving side IIRC. > I also wonder whether we would be having a similar discussion on the TLS > WG about record lengths. There is essentially no difference at the protocol level AFAICT. Are there any hacks in some SSL implementations to accommodate known error conditions? I do not know. Compared with plain text HTTP, the difficulty in writing an SSL agent from scratch combined with outlawing older protocol versions probably helps minimize the long-term need for such hacks. Said that, Squid still has to deal with ancient SSLv2 records (containing TLS v1 messages)... > When security is at stake I thought we tended to take a firmer stand. I do not think this thread contained any recommendations not to take a firm stand. The only disagreement was whether the protocol is missing some MUSTs that would help making that stand easier. > It seems from the language in 3.3.3 par 4 that the intention is that the > C-L MUST match the body payload size. Since C-L defines the body/payload size, the two always match. This equivalence allows the recipient to determine when it got a truncated message or post-message garbage. Alex. > ------ Original Message ------ > From: "Matthew Kerwin" <matthew@kerwin.net.au > <mailto:matthew@kerwin.net.au>> > To: "Adrien de Croy" <adrien@qbik.com <mailto:adrien@qbik.com>> > Cc: "Alex Rousskov" <rousskov@measurement-factory.com > <mailto:rousskov@measurement-factory.com>>; "ietf-http-wg@w3.org" > <ietf-http-wg@w3.org <mailto:ietf-http-wg@w3.org>> > Sent: 15/02/2017 2:18:43 PM > Subject: Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length? > >> >> >> On 15 February 2017 at 10:42, Adrien de Croy <adrien@qbik.com >> <mailto:adrien@qbik.com>> wrote: >> >> >> >> ------ Original Message ------ >> From: "Alex Rousskov" <rousskov@measurement-factory.com >> <mailto:rousskov@measurement-factory.com>> >> To: "Adrien de Croy" <adrien@qbik.com <mailto:adrien@qbik.com>>; >> "ietf-http-wg@w3.org <mailto:ietf-http-wg@w3.org>" >> <ietf-http-wg@w3.org <mailto:ietf-http-wg@w3.org>> >> Sent: 15/02/2017 1:32:04 PM >> Subject: Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length? >> >> On 02/14/2017 04:18 PM, Adrien de Croy wrote: >> >> The only true size of a body is what you obtain by >> counting its bytes. >> >> >> I disagree. The only true size of a body is the Content-Length >> value (in >> relevant contexts). >> >> >> What about for a sender piecing a message together. Where does >> Content-Length come from? >> >> The content existed before you derived or obtained its length. >> >> >> When we say "content" do we mean content of the message, content of >> the representation, or content of the resource? I've always taken >> content-length to mean the content of the representation[*] -- which, >> since the demise of T-E, basically means message payload. >> >> When we say "body", I hope we're all always talking about message >> payload. (i.e.: representation · Range · T-E) >> >> Reasoning about the _/resource/_ (including file size) is the purview >> of the application, outside of HTTP transport or semantics. At least, >> that's how it looks from my ivory tower. >> >> [*] something something Range something >> >> Cheers >> -- >> Matthew Kerwin >> http://matthew.kerwin.net.au/
- Sections 3.3.2 and 3.3.3 allow bogus Content-Leng… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Loïc Hoguin
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Poul-Henning Kamp
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- RE: Sections 3.3.2 and 3.3.3 allow bogus Content-… Mike Bishop
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Matthew Kerwin
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jason T. Greene
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jacob Champion
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Poul-Henning Kamp
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Daniel Stenberg
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Willy Tarreau
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jacob Champion
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jacob Champion
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Matthew Kerwin
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Mark Nottingham
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Willy Tarreau
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Poul-Henning Kamp
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Cory Benfield
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Patrick McManus