Re: draft-ietf-httpbis-header-structure: handling multiple field values

Julian Reschke <> Tue, 12 May 2020 17:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id F056B3A0848 for <>; Tue, 12 May 2020 10:48:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.648
X-Spam-Status: No, score=-2.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Fdg1j3dV8S-d for <>; Tue, 12 May 2020 10:48:37 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3B45E3A0844 for <>; Tue, 12 May 2020 10:48:37 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1jYZ0y-0006Hx-T5 for; Tue, 12 May 2020 17:48:24 +0000
Resent-Date: Tue, 12 May 2020 17:48:24 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1jYZ0x-0006H6-BN for; Tue, 12 May 2020 17:48:23 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1jYZ0u-0006iL-RH for; Tue, 12 May 2020 17:48:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=badeba3b8450; t=1589305667; bh=M2rpLLd14r0UXUBbqhZ5dRSGgVrr/tePuW+P2/ok4JM=; h=X-UI-Sender-Class:Subject:To:Cc:References:From:Date:In-Reply-To; b=PZGZYtafRQDxtmrEA08NDc7lUetG+Qxa3RzgyAjcpRWJ9PTxrZ92tX5xmyb3o9DTQ TcK1LZvem+wljYnTT4fQ3VNLG2lprY3huBkT6HnoST+S4Ccg4WDE69QS25q5oAyPSl Rto87/GDNNEqiOKRIIouHdv8z12dewkYT/8ME4zw=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [] ([]) by (mrgmx005 []) with ESMTPSA (Nemesis) id 1M8ykW-1jUjn31sLm-00656P; Tue, 12 May 2020 19:47:47 +0200
To: Ian Clelland <>, Willy Tarreau <>
Cc: HTTP Working Group <>
References: <> <> <>
From: Julian Reschke <>
Message-ID: <>
Date: Tue, 12 May 2020 19:47:45 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:YdbfGOiYquXidTExpMZqdSNArozLXuGYE4VwoDJEeEFAsnjjIDs ienXO6nVQlo6s6vgnp3ARwUOJ6jNHrkeMh/qUuV/ppY2qiyTPXuw1LmhpkcfJIuTo9G4Laf B1S+BEYWmEjKW06no2OWvFbuDgtLWAys2iLrsrMYtf8ItnTpNnOYASfCGG+lvDgOzserMpI qWZTdFXDjzit6s1X+IOWg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:+YxUCVWzpJQ=:Th0jCG4VqaODIK7ScT8dGk gpHgaSixgZsziMpBh8yVdijE93LsmyRBMsxTPYojhMg/KJkjpnRYJKpLk4YUop/kijqaAi0hO 3TaWzDl1OaUtjR0plE5MiWlbu0OwVsGAd0jCp6050Sf9Wvj5fpPt86vVoIFgEeVG9mv/WgHzR Ly57Le3gR6qbCbq2PN4HqMCTSPEmhZQTJzTUfvCZZzVoxNP8hkzwWJELOVWq1y1hgsle0FLHP stfaqLq+zyns4bKc3gPCNuB23sM8EGEJzuP3kR/0J6d3b14ceAxHDtbvfLpYaBc3BL60SXCJE UwC3Q1+XZHa4/LJ2MpHJiHESHExxyBrHk6Qy/iwRtnC3fcSNphcV7QUhhATb0iKSSApzWQmL0 VXt0gBza6/nX8kmCHCxuFI/wCzDtzAb+qnxEH3EY/3B6TJF0IBjs4ASkDcPGP+hU7r211paXi 2798CG8FBh8ER0YbqvYZ3jPo+ESfWwHeC8RTvMXqWCzbm5LyeowW6Zm/Uy2OdnyqpZeHiHqTU wfOAxR3dkoJDgbNoPIdsSyQnh9HVBqcSujxSrkWwr0Pj1dUQWGsJ3XsZ1os3Da/0f/OvHt9XW JCp5RQpINAXyAoYryE5gSzdmKmYcJteG17FIFRM2EZkrXd5Cwz0d3ua1Ht2BR1xpH5VSsE0EE xcBjQmVi0jJvU8l3wlpjy73dUWZOOHBQ9G2WbDnRPqA/wK/YxlYE7S6aVSPJy8B4Msd1zWWPV 3HVuJkapsXywBqbLvx65AnpnmZsPpksNipj7cfo/rxMmwqWIS0Gt1IVQdsU195ewHrOQAkypw Guo1GPzMPmwEYSeKqtxbBJJ5iZJPOVy42N2Iieo5mL1oIrHhpih/cVkkmtSXoaBMgeYFfEFdW 8MoBTI9mpPgJft+MzX1IVPWPKCBEcQdMin9TE5T8JkzwlD/9E8lNbiVPTOgvhuJ0rDINwftOP EI1trj3q+BJNsZwIfaW4dCFttjx4ufzUtsZZK572BFCoJAD33X4nl60wftTqX6I5I1GPR8nR1 s+vQVqnWVpM8I+Okl1TUlljzlma0Cdij39cVe66srP8Y4KvFoqNcwHdaccBXxtoWG7wDBl3A8 NOAreWUOwNORCXj+QbT36d+1t6QV82mGfp7GL5kQ/yfuffi9nEkPEx89ZHhJmGebr9xmw2woZ Vgg8hLgfqA/26dXWClQ4senoH2TSgFlv6b7rWshmhI3MenXAOF569TgcwhcQpaB6EpSFrj5kU RpEBYwGvUb9I84dcI
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-5.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1jYZ0u-0006iL-RH 0000172eba9a35dc5e87910398d109ab
Subject: Re: draft-ietf-httpbis-header-structure: handling multiple field values
Archived-At: <>
X-Mailing-List: <> archive/latest/37604
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 12.05.2020 19:39, Ian Clelland wrote:
> This is mentioned in
> --
> "parsers MUST combine all lines in the same section (header or trailer)
> that case-insensitively match the field name into one comma-separated
> field-value", (with the warning given that strings split across multiple
> field values will have "unpredictable results") -- So I don't think
> you're allowed to parse them separately. If both exist in the same
> message, they must be combined before parsing.
> ...

Indeed. Looking at this again, I realize that a paragraph below then
confused me:

"Strings split across multiple field lines will have unpredictable
results, because comma(s) and whitespace inserted upon combination will
become part of the string output by the parser. Since concatenation
might be done by an upstream intermediary, the results are not under the
control of the serializer or the parser."

I read this to mean that errors might be detected early or not, but
maybe this is just a warning that the actual string used for
concatenation can vary?

If that's the intent, I'd call that a spec bug. A string value split
across multiple field instances is very clearly a violation of what HTTP
says about list-shaped header fields, and not allowing a recipient to
detect that seems incorrect to me.

Best regards, Julian