> On Oct 15, 2016, at 2:10 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> On Sat, Oct 15, 2016 at 3:54 AM, William A Rowe Jr <wr...@rowe-clan.net
> <mailto:wr...@rowe-clan.net>> wrote:
> On Fri, Oct 14, 2016 at 4:44 PM, Roy T. Fielding <field...@gbiv.com
> <mailto:field...@gbiv.com>> wrote:
> Right, though several people have requested it now as errata. Seems likely to
> be in the final update for STD.
> In the HttpProtocolOptions Unsafe mode, it is tolerated.
> Should it be the proper 'Strict' behavior to parse (never generate) such
> FWIW, I see very little harm in potentially unsafe chunk headers because
> it becomes a serious chore to inject between alternating \r-only vs \n-only
> vs space trailing chunk headers. I'm not suggesting it can't be done, but
> most requests-with-body are intrinsically not idempotent, so one must be
> extremely clever to affect cache history.
> But it isn't impossible, so if the editors follow the way of BWS vs. follow
> the absolute explicit statements about HTTP request field names and
> the trailing ':', I'd be somewhat disappointed. Tighten ambiguity where
> there was little ambiguity before. Make explicit the real ambiguity for
> all user-agents and servers to implement. /shrug.
We tried. People complained.
In any case, BWS only includes *( SP / HTAB ). Not much ambiguity there.