Re: Consensus call to include Display Strings in draft-ietf-httpbis-sfbis

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Mon, 26 June 2023 07:14 UTC

Message-Id: <202306260714.35Q7E4JR068513@critter.freebsd.dk>
To: Mark Nottingham <mnot@mnot.net>
cc: Tommy Pauly <tpauly@apple.com>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <84B0BBBB-6652-4442-88DF-0E3F3FEF5CEF@mnot.net>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Mon, 26 Jun 2023 07:14:04 +0000
Archived-At: <https://www.w3.org/mid/202306260714.35Q7E4JR068513@critter.freebsd.dk>

--------
Mark Nottingham writes:

> I've merged that PR. If there are lingering issues -- either on Display
> Strings or other parts of the spec -- now is a good time to file them,
> as the issues list for this draft is currently empty.

I have opened an issue for the fact that

	%"bla\"bla%22"

and

	%"bla%22bla\""

are semantically identical.

IMO that is an invitation to smuggling attacks which there is no need
at all to codify.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
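
The ambiguity raised in the message above, as an added example that is not part of the original message or of the draft: a Python decoder that, as an assumption drawn from the two forms quoted, accepts both backslash escapes and percent-encoded octets inside `%"..."`, next to a check that accepts only one spelling per value. The function names and the choice of canonical form (percent-encoding only, lowercase hex) are assumptions made for this sketch.

```python
import re

HEX2 = re.compile(r"[0-9a-fA-F]{2}")

def decode_permissive(wire: str) -> str:
    # Assumed grammar: %"..." whose body may mix \" / \\ escapes and %xx octets.
    if len(wire) < 3 or not wire.startswith('%"') or not wire.endswith('"'):
        raise ValueError("not a Display String")
    body, out, i = wire[2:-1], bytearray(), 0
    while i < len(body):
        c = body[i]
        if c == "\\":                       # String-style escape: \" or \\
            if body[i + 1:i + 2] not in ('"', "\\"):
                raise ValueError("bad backslash escape")
            out.append(ord(body[i + 1])); i += 2
        elif c == "%":                      # percent-encoded UTF-8 octet
            if not HEX2.fullmatch(body[i + 1:i + 3]):
                raise ValueError("bad percent escape")
            out.append(int(body[i + 1:i + 3], 16)); i += 3
        elif c == '"' or not 0x20 <= ord(c) <= 0x7E:
            raise ValueError("unescaped quote or non-printable character")
        else:
            out.append(ord(c)); i += 1
    return out.decode("utf-8")              # bad UTF-8 raises a ValueError subclass

def canonical(value: str) -> str:
    # One spelling per value: %xx (lowercase hex) for %, ", \ and every octet
    # outside printable ASCII; backslash escapes are never emitted.
    def enc(b: int) -> str:
        plain = 0x20 <= b <= 0x7E and b not in (0x22, 0x25, 0x5C)
        return chr(b) if plain else "%%%02x" % b
    return '%"' + "".join(enc(b) for b in value.encode("utf-8")) + '"'

def is_canonical(wire: str) -> bool:
    # A receiver or intermediary can reject anything that does not round-trip.
    try:
        return canonical(decode_permissive(wire)) == wire
    except ValueError:
        return False

# The two wire forms quoted in the message.
FORM_A = r'%"bla\"bla%22"'
FORM_B = r'%"bla%22bla\""'

if __name__ == "__main__":
    for w in (FORM_A, FORM_B, canonical(decode_permissive(FORM_A))):
        print(f"{w:20} -> {decode_permissive(w)!r:12} canonical={is_canonical(w)}")
```

Two components that compare or filter on the raw bytes see `FORM_A` and `FORM_B` as different fields, while anything that decodes first sees the same value; rejecting non-canonical input removes that disagreement.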