[Nut-upsuser] ISE review of I-D: deprecate command VER?
gdt at lexort.com
Sun Mar 20 22:11:33 GMT 2022
Roger Price <roger at rogerprice.org> writes:
> I received the following comment from the Independent Submissions Editor (ISE):
> The command VER is hazardous because it encourages exploiting of
> implementation peculiarities that are not well documented in a
> protocol. The best example of such a failure is the browser version
> field in HTTP. A complete disaster. You should warn against use of
> this command, or even better, deprecate it.
> I was not aware of the disaster in the browser version field, but I
> will warn against use of VER, and deprecate it, if you agree.
I am quite aware of it, but I haven't seen it called out like this. The
basic issue is that we now have a culture of web servers serving N
different versions of pages based on the User-Agent field, instead of
coding to standards and expecting clients to meet standards. "Disaster"
might be a slightly strong word, but it isn't at all confused.
So a good question is whether it's necessary. Perhaps it's just a
management plane concept, but for SMTP the two sides don't specify
their software or protocol versions.
In general, a fair question is "What if we deleted this? If we wouldn't
have trouble, why are we keeping it?"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 194 bytes
Desc: not available
More information about the Nut-upsuser