Ticket #340 (closed design: wontfix)
|Reported by:||email@example.com||Owned by:||firstname.lastname@example.org|
|Component:||p1-messaging||Severity:||Active WG Document|
3.5. Message Parsing Robustness
Likewise, although the line terminator for the start-line and header fields is the sequence CRLF, we recommend that recipients recognize a single LF as a line terminator and ignore any CR.
Does this mean that CR CR CR CR CR CR LF should be interpreted as a single LF ? It kinds of scares me on the risk of smuggling attacks. I'd rather suggest :
... we recommend that recipients recognize a single LF as a line terminator and ignore the optional preceeding CR. Messages containing a CR not followed by an LF MUST be rejected.