[Errata Rejected] RFC9112 (7633)

RFC Errata System <rfc-editor@rfc-editor.org> Tue, 07 November 2023 10:12 UTC

To: squid3@treenet.co.nz, fielding@gbiv.com, mnot@mnot.net, julian.reschke@greenbytes.de
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: francesca.palombini@ericsson.com, iesg@ietf.org, ietf-http-wg@w3.org, rfc-editor@rfc-editor.org

The following errata report has been rejected for RFC9112,
"HTTP/1.1".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7633

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Amos Jeffries <squid3@treenet.co.nz>
Date Reported: 2023-09-06
Rejected by: Francesca Palombini (IESG)

Section: 2.2

Original Text
-------------
   Although the line terminator for the start-line and fields is the
   sequence CRLF, a recipient MAY recognize a single LF as a line
   terminator and ignore any preceding CR.

Corrected Text
--------------
   Although the line terminator for the start-line, fields, chunk
   and last-chunk is the sequence CRLF, a recipient MAY recognize
   a single LF as a line terminator and ignore any preceding CR.

Notes
-----
Chunked encoding (section 6.3) uses CRLF for line/framing delimiters in the same manner as other HTTP message sections, but these lines are not listed as possible sites of a bare-LF line terminator. This makes for an unnecessary parser exception and complicates possible request smuggling robustness between implementations.

--VERIFIER NOTES--
The difference was intentional. A chunked parser is not a start line or field parser (it is a message body parser) and it is supposed to be less forgiving because it does not have to retain backwards compatibility with 1.0 parsers.

Hence, bare LF around the chunk sizes would be invalid and should result in the connection being marked as invalid.

In any case, suggestions for further hardening of the chunked parser would have to be defined in that section, and would need to be achieved through a consensus document, not in an errata report.

--------------------------------------
RFC9112 (draft-ietf-httpbis-messaging-19)
--------------------------------------
Title               : HTTP/1.1
Publication Date    : June 2022
Author(s)           : R. Fielding, Ed., M. Nottingham, Ed., J. Reschke, Ed.
Category            : INTERNET STANDARD
Source              : HTTP
Area                : Applications and Real-Time
Stream              : IETF
Verifying Party     : IESG
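
Added example (not part of the errata report or of RFC 9112): a minimal strict chunked-body decoder showing the behaviour the verifier notes describe, where a bare LF around a chunk size is a framing error instead of an accepted line terminator. The names InvalidChunkedBody and decode_chunked_strict, the simplified chunk-ext pattern and the sample bodies are assumptions made for illustration.

```python
import re

class InvalidChunkedBody(ValueError):
    """Framing is invalid; the caller should stop reusing the connection."""

# chunk-size is 1*HEXDIG; an optional chunk-ext starts with ";" (simplified here).
_SIZE_LINE = re.compile(rb"([0-9A-Fa-f]+)(?:[ \t]*;[^\r\n]*)?\Z")

def _read_line(buf, pos):
    """Return (line, next_pos) for a line ending in CRLF; reject bare LF/CR."""
    end = buf.find(b"\n", pos)
    if end == -1:
        raise InvalidChunkedBody("incomplete line")
    if end == pos or buf[end - 1:end] != b"\r":
        raise InvalidChunkedBody("bare LF used as line terminator")
    line = buf[pos:end - 1]
    if b"\r" in line:
        raise InvalidChunkedBody("bare CR inside line")
    return line, end + 1

def decode_chunked_strict(buf):
    """Decode a complete chunked body; return (payload, bytes_consumed)."""
    pos, out = 0, bytearray()
    while True:
        line, pos = _read_line(buf, pos)
        m = _SIZE_LINE.match(line)
        if not m:
            raise InvalidChunkedBody("malformed chunk-size line")
        size = int(m.group(1), 16)
        if size == 0:
            break
        if len(buf) < pos + size + 2:
            raise InvalidChunkedBody("truncated chunk")
        out += buf[pos:pos + size]
        pos += size
        if buf[pos:pos + 2] != b"\r\n":
            raise InvalidChunkedBody("chunk data not followed by CRLF")
        pos += 2
    # Trailer section: zero or more field lines, then an empty line.
    while True:
        line, pos = _read_line(buf, pos)
        if not line:
            return bytes(out), pos

# Constructed sample bodies: CRLF framing vs. a bare LF after the chunk size.
VALID = b"5\r\nhello\r\n0\r\n\r\n"
BARE_LF = b"5\nhello\r\n0\r\n\r\n"
```

The returned bytes_consumed marks where the next message on the connection begins, which is the boundary two implementations must agree on; on InvalidChunkedBody the caller closes the connection instead of guessing that boundary.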