Re: New Version Notification for draft-kamp-httpbis-structure-01.txt (fwd)

Kazuho Oku <kazuhooku@gmail.com> Thu, 17 November 2016 01:10 UTC

Hi,

Thank you for writing the draft.

Regarding the numbers, could we either exclude floating point from the
specification or state that an integral number MUST be encoded without
using a dot?

The reason I ask is because it is hard to correctly implement a parser
for floating point numbers, and a bug in the parser would likely lead
to a vulnerability [1]. Note that in some (if not most) of the
programming languages you would need to implement your own number
parser to meet the needs. For example, you cannot use sscanf in C,
because depending on the locale the function allows use of decimal
points other than '.'.

If we could exclude floating point numbers from the specification
entirely or have a restriction something like the above, parser
implementors can refrain from implementing their own floating point
number parsers until the specifications in which they are interested
actually start using the notation.

Non-integral numbers are rarely used in the HTTP headers. The only one
I can recall is the q value of Accept-Encoding, but it is not a
floating-point but actually a fixed-point number (of three decimals
below the point), which could have been represented by using integral
numbers between 0 and 1000.

     weight = OWS ";" OWS "q=" qvalue
     qvalue = ( "0" [ "." 0*3DIGIT ] )
            / ( "1" [ "." 0*3("0") ] )


[1] https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0154.html

2016-10-31 3:59 GMT+09:00 Poul-Henning Kamp <phk@critter.freebsd.dk>:
> Updated in preparation for WG discussion in Seoul.
>
> Minor changes only.
>
> Github repo:    https://github.com/bsdphk/id_common_structure
>
>
> ------- Forwarded Message
>
> A new version of I-D, draft-kamp-httpbis-structure-01.txt
> has been successfully submitted by Poul-Henning Kamp and posted to the
> IETF repository.
>
> Name:           draft-kamp-httpbis-structure
> Revision:       01
> Title:          HTTP header common structure
> Document date:  2016-10-30
> Group:          Individual Submission
> Pages:          13
> URL:            https://www.ietf.org/internet-drafts/draft-kamp-httpbis-structure-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-kamp-httpbis-structure/
> Htmlized:       https://tools.ietf.org/html/draft-kamp-httpbis-structure-01
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-kamp-httpbis-structure-01
>
> Abstract:
>   An abstract data model for HTTP headers, "Common Structure", and a
>   HTTP/1 serialization of it, generalized from current HTTP headers.
>
> ------- End of Forwarded Message
>
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence..
>
>
>



-- 
Kazuho Oku
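
Added example, not part of the original message or of the draft: a strict, locale-independent C parser for the qvalue ABNF quoted in the message, returning the fixed-point value as an integer between 0 and 1000. The function name qvalue_milli and the -1 error convention are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Parse a qvalue into thousandths (0..1000) following the ABNF quoted above:
 *   qvalue = ( "0" [ "." 0*3DIGIT ] ) / ( "1" [ "." 0*3("0") ] )
 * Returns -1 on any deviation. No libc number parsing (sscanf, strtod) is
 * involved, so the accepted syntax does not change with the locale.
 * The function name and the -1 convention are choices made for this example.
 */
int qvalue_milli(const char *s)
{
    size_t len = strlen(s), i;
    int value, scale = 100;

    if (len == 0 || len > 5)              /* longest valid form is "0.123" */
        return -1;
    if (s[0] != '0' && s[0] != '1')
        return -1;
    value = (s[0] - '0') * 1000;
    if (len == 1)
        return value;
    if (s[1] != '.')                      /* only '.' separates, never ',' */
        return -1;
    for (i = 2; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        if (s[0] == '1' && s[i] != '0')   /* "1.001" would exceed 1 */
            return -1;
        value += (s[i] - '0') * scale;    /* weights 100, 10, 1 */
        scale /= 10;
    }
    return value;
}

int main(void)
{
    /* Constructed sample inputs, valid and invalid. */
    const char *samples[] = { "1", "0.5", "0.123", "1.000", "0,5", "1.001", "0.1234", "1e0" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-7s -> %d\n", samples[i], qvalue_milli(samples[i]));
    return 0;
}
```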