On 07/31/2016 09:18 AM, William A Rowe Jr wrote:
So all the trailing SP/HTAB are part of obs-fold IMHO.
Should we replace all of them (plus the CRLF) with a single SP or with
as many SP?
Hmmm... Good point. Advancing over them in our HTTP_STRICT mode seems
best, if we have a consensus on this.
Agreed that we should process all the obs-fold whitespace, and not just
one byte.
Replacing each byte with a separate space (as opposed to condensing into
a single space) *might* help prevent adversaries from playing games with
header length checks in more complicated/layered systems. That's
probably a stretch though. And if we consume the CRLF in a different
layer of logic, adding on two spaces just to keep everything
"consistent" may also be a stretch. I'm not feeling strongly either way.
>> > So the obs-fold itself consists of CR LF [ SP | TAB ]
>>
>> obs-fold = CRLF 1*( SP / HTAB )
>>
Note that this section of the spec has Errata associated with it; I'm
reading through the conversation [1] and it's seeming like they *may*
want to treat OWS preceding the CRLF as part of the obs-fold as well. I
don't know what our position is on adopting pieces of Errata that have
been Held for Document Update.
--Jacob
[1] https://www.ietf.org/mail-archive/web/httpbisa/current/msg23721.html
