Re: [usefor] Trailing whitespace in header fields

Julien ÉLIE <julien@trigofacile.com> Mon, 08 August 2016 20:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/usefor/Mrv-85O5INhJ8IiPBB8VU-mmmJk>

Hi Russ,

>> It means that trailing whitespace SHOULD NOT be present in Netnews
>> header field lines.  (RFC 3977 uses a stricter definition of
>> "unstructured" than RFC 5536!)
>
>> Is it really a rule to enforce for Netnews articles?  And does someone
>> know why this is not mentioned at all in RFC 5536?
>
> I'm not sure how much we discussed this at the time, but normally trailing
> whitespace is a SHOULD NOT generate because it tends to get mangled by
> software and is very fragile.  But if that's the only justification (and I
> can't think of another off-hand), it's not the sort of thing for a server
> to enforce, just for a client to not do because it may not survive
> transit.  If the server *can* handle it, it probably should try.

OK, perfectly understood.
Let's just satisfy the "Duties of an Injecting Agent" (per RFC 5537), 
which require, amongst other things, checking the syntax defined by RFC 
5536.  It therefore does not include any checks about trailing whitespace.

The general checks for headers are:
- line length (998 octets),
- no white-space-only lines in header field bodies,
- no control chars (except of course \r\n for folding, and \t),
- header name followed by colon+space and header body.

I believe these 4 checks can safely be implemented.
INN (nnrpd) already enforces the first.  It does not enforce the fourth, 
which is tolerated by RFC 5536 ("News agents MAY accept header fields 
that do not contain the required space.")  I believe it is OK to keep 
that tolerance.
However, the second and third checks should be enforced.  One can 
currently inject ^H in header names for instance.

I hope it corresponds to the rules USEFOR had in mind to enforce.

-- 
Julien ÉLIE

« Life is short… so eat dessert first! »
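
The four general checks listed in the message above, sketched as an added example; it is not part of the original message and not INN's code. The function name and violation labels are hypothetical, the input is assumed to be a single header field already separated from its neighbours, and counting the first body line as a "line" for the whitespace-only check is this example's reading.

```python
MAX_LINE = 998  # octets per line, not counting the terminating CRLF


def check_header_field(raw: bytes, require_space: bool = False) -> list[str]:
    """Return the violations found in one (possibly folded) header field."""
    problems = []
    if raw.endswith(b"\r\n"):
        raw = raw[:-2]
    lines = raw.split(b"\r\n")

    # Check 1: line length.
    if any(len(line) > MAX_LINE for line in lines):
        problems.append("line-too-long")

    # Check 3: control characters other than TAB. CRLF pairs were consumed by
    # the split, so a bare CR or LF left inside a line is flagged too.
    if any((b < 32 and b != 9) or b == 127 for line in lines for b in line):
        problems.append("control-char")

    # Check 4: header name, colon, then a space. The space is only enforced
    # when require_space is set, mirroring the tolerance kept in the message.
    name, colon, body = lines[0].partition(b":")
    if not colon or not name or b" " in name or b"\t" in name:
        problems.append("bad-name")
        return problems
    if require_space and not body.startswith(b" "):
        problems.append("no-space-after-colon")

    # Check 2: every line of the body needs one non-whitespace character.
    if any(not part.strip(b" \t") for part in [body] + lines[1:]):
        problems.append("whitespace-only-line")
    return problems


if __name__ == "__main__":
    # Constructed sample fields, not taken from real articles.
    samples = [
        b"Subject: trailing whitespace is not checked \r\n",
        b"Sub\x08ject: control character in the header name\r\n",
        b"Subject: folded\r\n \t\r\n body\r\n",
        b"Subject:no space after the colon\r\n",
    ]
    for field in samples:
        print(field, "->", check_header_field(field) or "ok")
```
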