Context Navigation

draft-ietf-httpbis-security-properties.xml @ 1928

Last change on this file since 1928 was 1500, checked in by julian.reschke@…, 9 years ago
fix mime types
Property svn:eol-style set to `native` Property svn:executable set to ``* Property svn:mime-type set to `text/xml`
File size: 33.6 KB

Rev	Line
[177]	1	<?xml version="1.0" encoding="UTF-8"?>
[279]	2	<!DOCTYPE rfc [
[177]	3	<!ENTITY rfc2026 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2026.xml">
	4	<!ENTITY rfc2109 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2109.xml">
	5	<!ENTITY rfc2145 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2145.xml">
	6	<!ENTITY rfc2616 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2616.xml">
	7	<!ENTITY rfc2617 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2617.xml">
	8	<!ENTITY rfc2965 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2965.xml">
	9	<!ENTITY rfc3365 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3365.xml">
	10	<!ENTITY rfc3631 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3631.xml">
	11	<!ENTITY rfc3986 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml">
[278]	12	<!ENTITY rfc4178 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4178.xml">
[177]	13	<!ENTITY rfc4559 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4559.xml">
	14	]>
	15
[549]	16	<rfc category="info" ipr="pre5378Trust200902"
	17	docName="draft-ietf-httpbis-security-properties-latest">
[177]	18
[787]	19	<?xml-stylesheet type="text/xsl" href="rfc2629xslt/rfc2629.xslt" ?>
[216]	20
[787]	21	<?rfc toc="yes" ?>
	22	<?rfc symrefs="yes" ?>
	23	<?rfc sortrefs="yes"?>
	24	<?rfc strict="yes" ?>
	25	<?rfc compact="yes" ?>
	26	<?rfc subcompact="no" ?>
	27	<?rfc linkmailto="no"?>
	28	<?rfc comments="yes"?>
	29	<?rfc inline="yes"?>
[177]	30
[787]	31	<front>
	32	<title>Security Requirements for HTTP</title>
	33	<author initials="J." surname="Hodges" fullname="Jeff Hodges">
	34	<organization>PayPal</organization>
	35	<address>
	36	<email>Jeff.Hodges@PayPal.com</email>
	37	</address>
	38	</author>
	39	<author initials='B.' surname="Leiba" fullname='Barry Leiba'>
	40	<organization>Huawei Technologies</organization>
	41	<address>
	42	<phone>+1 646 827 0648</phone>
	43	<email>barryleiba@computer.org</email>
	44	<uri>http://internetmessagingtechnology.org/</uri>
	45	</address>
	46	</author>
[789]	47	<date year="2010" month="March"/>
[787]	48	<abstract>
	49	<t>
	50	Recent IESG practice dictates that IETF protocols must
	51	specify mandatory-to-implement (MTI) security mechanisms, so
	52	that all conformant implementations share a common
	53	baseline. This document examines all widely deployed
	54	HTTP security technologies, and analyzes the
	55	trade-offs of each.
	56	</t>
	57	</abstract>
	58	</front>
[177]	59
[787]	60	<middle>
[177]	61
[787]	62	<section title="Introduction">
[177]	63
[787]	64	<t>
	65	Recent IESG practice dictates that IETF protocols be
	66	required to specify mandatory-to-implement (MTI) security
	67	mechanisms. "The IETF Standards Process" <xref
	68	target="RFC2026"/> does not require that protocols
	69	specify mandatory security mechanisms. "Strong
	70	Security Requirements for IETF Standard Protocols"
	71	<xref target="RFC3365"/> requires that all IETF
	72	protocols provide a mechanism for implementers to
	73	provide strong security. RFC 3365 does not define the
	74	term "strong security".
	75	</t>
[177]	76
[787]	77	<t>
	78	"Security Mechanisms for the Internet" <xref
	79	target="RFC3631"/> is not an IETF procedural RFC, but
	80	it is perhaps most relevant. Section 2.2 states:
	81	</t>
[177]	82
[787]	83	<figure>
	84	<artwork>
[216]	85	We have evolved in the IETF the notion of "mandatory to implement"
	86	mechanisms. This philosophy evolves from our primary desire to
	87	ensure interoperability between different implementations of a
	88	protocol. If a protocol offers many options for how to perform a
	89	particular task, but fails to provide for at least one that all
	90	must implement, it may be possible that multiple, non-interoperable
	91	implementations may result. This is the consequence of the
	92	selection of non-overlapping mechanisms being deployed in the
	93	different implementations.
[787]	94	</artwork>
	95	</figure>
[177]	96
[787]	97	<t>
	98	This document examines the effects of applying
	99	security constraints to Web applications, documents
	100	the properties that result from each method, and will
	101	make Best Current Practice recommendations for HTTP
	102	security in a later document version. At the moment,
	103	it is mostly a laundry list of security technologies
	104	and tradeoffs.
	105	</t>
[177]	106
[787]	107	<t>
	108	[[ OVERALL ISSUE: It isn't entirely clear to the present editors
	109	what the purpose of this document is. On one hand it
	110	could be a compendium of peer-entity authentication
	111	mechanisms (as it is presently) and make MTI recommendations
	112	thereof, or it could be a place for various security
	113	considerations (either coalesced here from the other
	114	httpbis specs, or reserved for the more gnarly cross-spec
	115	composite ones), or both. This needs to be clarified.
	116	]]
	117	</t>
[177]	118
[787]	119	</section>
[177]	120
[787]	121	<section title="Existing HTTP Security Mechanisms">
[177]	122
[787]	123	<t>
	124	For HTTP, the IETF generally defines "security
	125	mechanisms" as some combination of access
	126	authentication and/or a secure transport.
	127	</t>
[216]	128
[787]	129	<t>
	130	[[ There is a suggestion that this section be split
	131	into "browser-like" and "automation-like"
	132	subsections. See:
	133	<list>
	134	<t>http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0180.html</t>
	135	<t>http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0183.html</t>
	136	</list>
	137	]]
	138	</t>
[216]	139
[787]	140	<t>
	141	[[ NTLM (shudder)
	142	was brought up in the WG a few times
	143	in the discussion of the -00 draft. Should we add a
	144	section on it? See..
	145	<list>
	146	<t>http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0132.html</t>
	147	<t>http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0135.html</t>
	148	</list>
	149	]]
	150	</t>
[177]	151
[787]	152	<section title="Forms And Cookies">
[177]	153
[787]	154	<t>
	155	[[ JH: I am not convinced that this subsection
	156	properly belongs in this overall section in that
	157	"HTTP+HTML Form based authentication"
	158	<http://en.wikipedia.org/wiki/HTTP%2BHTML_Form_based_authentication>
	159	is not properly a part of HTTP itself. Rather, it is
	160	a piece of applications layered on top of HTTP. Use of cookies for
	161	state management (e.g. session maintanence) can be
	162	considered such, however (although there is no
	163	overall specification for HTTP user agents stipulating
	164	that they must implement cookies (nominally
	165	<xref target="RFC2109"/>)). Perhaps this section should be
	166	should be retitled "HTTP Authentication".
	167	</t>
	168	<t>
	169	Note: The httpstate WG was recently chartered to develop a successor to
	170	<xref target="RFC2109"/>. See..
	171	<list>
	172	<t>http://www.ietf.org/dyn/wg/charter/httpstate-charter.html</t>
	173	</list>
	174	</t>
	175	<t>
	176	]]
	177	</t>
[177]	178
[787]	179	<t>
	180	Almost all HTTP authentication that involves a
	181	human using a web browser is accomplished through
	182	HTML forms, with session identifiers stored in
	183	cookies. For cookies, most implementations rely on
	184	the "Netscape specification", which is described
	185	loosely in section 10 of "HTTP State Management
	186	Mechanism" <xref target="RFC2109"/>. The protocol
	187	in RFC 2109 is relatively widely implemented, but
	188	most clients don't advertise support for it. RFC
	189	2109 was later updated <xref target="RFC2965"/>,
	190	but the newer version is not widely implemented.
	191	</t>
[177]	192
[787]	193	<t>
	194	Forms and cookies have many properties that make
	195	them an excellent solution for some
	196	implementers. However, many of those properties
	197	introduce serious security trade-offs.
	198	</t>
[177]	199
[787]	200	<t>
	201	HTML forms provide a large degree of control over
	202	presentation, which is an imperative for many
	203	websites. However, this increases user reliance on
	204	the appearance of the interface. Many users do not
	205	understand the construction of URIs <xref
	206	target="RFC3986"/>, or their presentation in
	207	common clients <xref target="PhishingHOWTO"/>. As
	208	a result, forms are extremely vulnerable to
	209	spoofing.
	210	</t>
[177]	211
[787]	212	<t>
	213	HTML forms provide acceptable internationalization
	214	if used carefully, at the cost of being
	215	transmitted as normal HTTP content in all cases
	216	(credentials are not differentiated in the
	217	protocol).
	218	</t>
[177]	219
[787]	220	<t>
	221	Many Web browsers have an auto-complete feature
	222	that stores a user's information and pre-populates
	223	fields in forms. This is considered to be a
	224	convenience mechanism, and convenience mechanisms
	225	often have negative security properties. The
	226	security concerns with auto-completion are
	227	particularly poignant for web browsers that reside
	228	on computers with multiple users. HTML forms
	229	provide a facility for sites to indicate that a
	230	field, such as a password, should never be
	231	pre-populated. However, it is clear that some form
	232	creators do not use this facility when they
	233	should.
	234	</t>
[177]	235
[787]	236	<t>
	237	The cookies that result from a successful form
	238	submission make it unnecessary to validate
	239	credentials with each HTTP request; this makes
	240	cookies an excellent property for
	241	scalability. Cookies are susceptible to a large
	242	variety of XSS (cross-site scripting) attacks, and
	243	measures to prevent such attacks will never be as
	244	stringent as necessary for authentication
	245	credentials because cookies are used for many
	246	purposes. Cookies are also susceptible to a wide
	247	variety of attacks from malicious intermediaries
	248	and observers. The possible attacks depend on the
	249	contents of the cookie data. There is no standard
	250	format for most of the data.
	251	</t>
[177]	252
[787]	253	<t>
	254	HTML forms and cookies provide flexible ways of
	255	ending a session from the client.
	256	</t>
[177]	257
[787]	258	<t>
	259	HTML forms require an HTML rendering engine for
	260	which many protocols have no use.
	261	</t>
[177]	262
[787]	263	</section>
[177]	264
[787]	265	<section title="HTTP Access Authentication">
[177]	266
[787]	267	<t>
	268	HTTP 1.1 provides a simple authentication
	269	framework, "HTTP Authentication: Basic and Digest
	270	Access Authentication" <xref target="RFC2617"/>,
	271	which defines two optional mechanisms. Both of
	272	these mechanisms are extremely rarely used in
	273	comparison to forms and cookies, but some degree
	274	of support for one or both is available in many
	275	implementations. Neither scheme provides
	276	presentation control, logout capabilities, or
	277	interoperable internationalization.
	278	</t>
[177]	279
[787]	280	<section title="Basic Authentication">
[177]	281
[787]	282	<t>
	283	Basic Authentication (normally called just
	284	"Basic") transmits usernames and passwords in
	285	the clear. It is very easy to implement, but
	286	not at all secure unless used over a secure
	287	transport.
	288	</t>
[177]	289
[787]	290	<t>
	291	Basic has very poor scalability properties
	292	because credentials must be revalidated with
	293	every request, and because secure transports
	294	negate many of HTTP's caching mechanisms. Some
	295	implementations use cookies in combination
	296	with Basic credentials, but there is no
	297	standard method of doing so.
	298	</t>
[177]	299
[787]	300	<t>
	301	Since Basic credentials are clear text, they
	302	are reusable by any party. This makes them
	303	compatible with any authentication database,
	304	at the cost of making the user vulnerable to
	305	mismanaged or malicious servers, even over a
	306	secure channel.
	307	</t>
[177]	308
[787]	309	<t>
	310	Basic is not interoperable when used with
	311	credentials that contain characters outside of
	312	the ISO 8859-1 repertoire.
	313	</t>
[177]	314
[787]	315	</section>
[177]	316
[787]	317	<section title="Digest Authentication">
	318
	319	<t>
	320	In Digest Authentication, the client transmits
	321	the results of hashing user credentials with
	322	properties of the request and values from the
	323	server challenge. Digest is susceptible to
	324	man-in-the-middle attacks when not used over a
	325	secure transport.
	326	</t>
[177]	327
[787]	328	<t>
	329	Digest has some properties that are preferable
	330	to Basic and Cookies. Credentials are not
	331	immediately reusable by parties that observe
	332	or receive them, and session data can be
	333	transmitted alongside credentials with each
	334	request, allowing servers to validate
	335	credentials only when absolutely
	336	necessary. Authentication data session keys
	337	are distinct from other protocol traffic.
	338	</t>
[177]	339
[787]	340	<t>
	341	Digest includes many modes of operation, but
	342	only the simplest modes enjoy any degree of
	343	interoperability. For example, most
	344	implementations do not implement the mode that
	345	provides full message integrity. Perhaps one
	346	reason is that implementation experience has
	347	shown that in some cases, especially those
	348	involving large requests or responses such as
	349	streams, the message integrity mode is
	350	impractical because it requires servers to
	351	analyze the full request before determining
	352	whether the client knows the shared secret or
	353	whether message-body integrity has been
	354	violated and hence whether the request can be
	355	processed.
	356	</t>
[177]	357
[787]	358	<t>
	359	Digest is extremely susceptible to offline
	360	dictionary attacks, making it practical for
	361	attackers to perform a namespace walk
	362	consisting of a few million passwords for most
	363	users.
	364	</t>
[177]	365
[787]	366	<t>
	367	Many of the most widely-deployed HTTP/1.1
	368	clients are not compliant when GET requests
	369	include a query string <xref
	370	target="Apache_Digest"/>.
	371	</t>
[177]	372
[787]	373	<t>
	374	Digest either requires that authentication
	375	databases be expressly designed to accommodate
	376	it, or requires access to cleartext passwords.
	377	As a result, many authentication databases
	378	that chose to do the former are incompatible,
	379	including the most common method of storing
	380	passwords for use with Forms and Cookies.
	381	</t>
[177]	382
[787]	383	<t>
	384	Many Digest capabilities included to prevent
	385	replay attacks expose the server to Denial of
	386	Service attacks.
	387	</t>
[177]	388
[787]	389	<t>
	390	Digest is not interoperable when used with
	391	credentials that contain characters outside of
	392	the ISO 8859-1 repertoire.
	393	</t>
[177]	394
[787]	395	</section>
[278]	396
[787]	397	<section title="Authentication Using Certificates in TLS">
[278]	398
[787]	399	<t>
	400	Running HTTP over TLS provides authentication
	401	of the HTTP server to the client. HTTP over
	402	TLS can also provides authentication of the
	403	client to the server using
	404	certificates. Although forms are a much more
	405	common way to authenticate users to HTTP
	406	servers, TLS client certificates are widely
	407	used in some environments. The public key
	408	infrastructure (PKI) used to validate
	409	certificates in TLS can be rooted in public
	410	trust anchors or can be based on local trust
	411	anchors.
	412	</t>
[278]	413
[787]	414	</section>
[177]	415
[787]	416	<section title="Other Access Authentication Schemes">
[177]	417
[787]	418	<t>
	419	There are many niche schemes that make use of
	420	the HTTP Authentication framework, but very
	421	few are well documented. Some are bound to
	422	transport layer connections.
	423	</t>
[177]	424
[787]	425	<section title="Negotiate (GSS-API) Authentication">
[177]	426
[787]	427	<t>
	428	Microsoft has designed an HTTP
	429	authentication mechanism that utilizes
	430	SPNEGO <xref target="RFC4178"/> GSSAPI
	431	<xref target="RFC4559"/>. In Microsoft's
	432	implementation, SPNEGO allows selection
	433	between Kerberos and NTLM (Microsoft NT
	434	Lan Manager protocols).
	435	</t>
[278]	436
[787]	437	<t>
	438	In Kerberos, clients and servers rely on a
	439	trusted third-party authentication service
	440	which maintains its own authentication
	441	database. Kerberos is typically used with
	442	shared secret key cryptography, but
	443	extensions for use of other authentication
	444	mechnanisms such as PKIX certificates and
	445	two-factor tokens are also common.
	446	Kerberos was designed to work under the
	447	assumption that packets traveling along
	448	the network can be read, modified, and
	449	inserted at will.
	450	</t>
[278]	451
[787]	452	<t>
	453	Unlike Digest, Negotiate authentication
	454	can take multiple round trips (client
	455	sending authentication data in
	456	Authorization, server sending
	457	authentication data in WWW-Authenticate)
	458	to complete.
	459	</t>
[278]	460
[787]	461	<t>
	462	Kerberos authentication is generally more
	463	secure than Digest. However the
	464	requirement for having a separate network
	465	authentication service might be a barrier
	466	to deployment.
	467	</t>
[278]	468
[787]	469	<!--
	470	Kerberos didn't support Unicode till relatively recently. I am not sure if this
	471	is an issue with Microsoft's implementation.
	472	-->
[177]	473
[787]	474	</section>
[177]	475
[787]	476	<section title="OAuth">
[177]	477
[787]	478	<t>
	479	[[ See..
	480	<list>
	481	<t>http://www.ietf.org/id/draft-hammer-http-token-auth-01.txt</t>
	482	<t>http://www.ietf.org/id/draft-hammer-oauth-10.txt</t>
	483	</list>
	484	]]
	485	</t>
[177]	486
[787]	487	</section>
[177]	488
[787]	489	</section>
[177]	490
[787]	491	</section>
[177]	492
[787]	493	<section title="Centrally-Issued Tickets">
[177]	494
[787]	495	<t>
	496	Many large Internet services rely on
	497	authentication schemes that center on clients
	498	consulting a single service for a time-limited
	499	ticket that is validated with undocumented
	500	heuristics. Centralized ticket issuing has the
	501	advantage that users may employ one set of
	502	credentials for many services, and clients don't
	503	send credentials to many servers. This approach is
	504	often no more than a sophisticated application of
	505	forms and cookies.
	506	</t>
[177]	507
[787]	508	<t>
	509	All of the schemes in wide use are proprietary and
	510	non-standard, and usually are undocumented. There
	511	are many standardization efforts in progress, as
	512	usual.
	513	</t>
[216]	514
[787]	515	</section>
[177]	516
[787]	517	<section title="Web Services">
[177]	518
[787]	519	<t>
	520	Many security properties mentioned in this
	521	document have been recast in XML-based protocols,
	522	using HTTP as a substitute for TCP. Like the
	523	amalgam of HTTP technologies mentioned above, the
	524	XML-based protocols are defined by an
	525	ever-changing combination of standard and
	526	vendor-produced specifications, some of which may
	527	be obsoleted at any time <xref
	528	target="WS-Pagecount"/> without any documented
	529	change control procedures. These protocols usually
	530	don't have much in common with the Architecture of
	531	the World Wide Web. It's not clear why the term
	532	"Web" is used to group them, but they are
	533	obviously out of scope for HTTP-based application
	534	protocols.
	535	</t>
[177]	536
[787]	537	<t>
	538	[[ This section could really use a good definition
	539	of "Web Services" to differentiate it from
	540	REST. See..
	541	<list>
	542	<t>http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0536.html</t>
	543	</list>
	544	]]
	545	</t>
[177]	546
[787]	547	</section>
[177]	548
[787]	549	<section title="Transport Layer Security">
[177]	550
[787]	551	<t>
	552	In addition to using TLS for client and/or server
	553	authentication, it is also very commonly used to
	554	protect the confidentiality and integrity of the
	555	HTTP session. For instance, both HTTP Basic
	556	authentication and Cookies are often protected
	557	against snooping by TLS.
	558	</t>
[177]	559
[787]	560	<t>
	561	It should be noted that, in that case, TLS does
	562	not protect against a breach of the credential
	563	store at the server or against a keylogger or
	564	phishing interface at the client. TLS does not
	565	change the fact that Basic Authentication
	566	passwords are reusable and does not address that
	567	weakness.
	568	</t>
[177]	569
[787]	570	</section>
[177]	571
[787]	572	</section>
[177]	573
[787]	574	<section title="Revisions To HTTP">
[177]	575
[787]	576	<t>
	577	Is is possible that HTTP will be revised in the
	578	future. "HTTP/1.1" <xref target="RFC2616"/> and "Use
	579	and Interpretation of HTTP Version Numbers" <xref
	580	target="RFC2145"/> define conformance requirements in
	581	relation to version numbers. In HTTP 1.1, all
	582	authentication mechanisms are optional, and no single
	583	transport substrate is specified. Any HTTP revision
	584	that adds a mandatory security mechanism or transport
	585	substrate will have to increment the HTTP version
	586	number appropriately. All widely used schemes are
	587	non-standard and/or proprietary.
	588	</t>
[177]	589
[787]	590	</section>
[177]	591
[787]	592	<section title="IANA Considerations">
	593	<t>This document has no actions for IANA.</t>
	594	</section>
[177]	595
[787]	596	<section title="Security Considerations">
[177]	597
[787]	598	<t>This entire document is about security considerations.</t>
	599
	600	</section>
	601
	602
	603
	604	</middle>
	605
	606	<back>
	607
	608	<references title="Normative References">
	609
[177]	610	&rfc2026;
	611	&rfc2145;
	612	&rfc2616;
	613	&rfc2617;
	614	&rfc2965;
	615	&rfc3365;
	616	&rfc3631;
	617	&rfc3986;
[278]	618	&rfc4178;
[177]	619	&rfc4559;
	620
[787]	621	<reference anchor="Apache_Digest"
	622	target="http://httpd.apache.org/docs/1.3/mod/mod_auth_digest.html">
[177]	623	<front>
	624	<title>Apache HTTP Server - mod_auth_digest</title>
	625	<author surname="Apache Software Foundation">
	626	<organization />
	627	</author>
[787]	628	<date year="" month="" />
[177]	629	</front>
	630	</reference>
	631
[787]	632	<reference anchor="PhishingHOWTO"
	633	target="http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf">
[216]	634	<front>
	635	<title>Phishing Tips and Techniques</title>
	636	<author initials="P." surname="Gutmann" fullname="Peter Gutmann">
	637	<organization /></author>
[787]	638	<date year="2008" month="February" />
[216]	639	</front>
	640	</reference>
	641
[787]	642	<reference anchor="WS-Pagecount"
	643	target="http://www.tbray.org/ongoing/When/200x/2004/09/21/WS-Research">
[177]	644	<front>
	645	<title>WS-Pagecount</title>
	646	<author initials="T." surname="Bray" fullname="Tim Bray">
	647	<organization />
	648	</author>
[787]	649	<date year="2004" month="September" />
[177]	650	</front>
	651	</reference>
	652
[787]	653	</references>
[177]	654
[787]	655	<references title="Informative References">
[177]	656
[787]	657	&rfc2109;
[177]	658
	659
[787]	660	</references>
[177]	661
[787]	662	<section title="Acknowledgements">
[177]	663
[787]	664	<t>
	665	Much of the material in this document was written by
	666	Rob Sayre, who first promoted the topic. Many others
	667	on the HTTPbis Working Group have contributed to this
	668	document in the discussion.
	669	</t>
[177]	670
[787]	671	</section>
[177]	672
[787]	673	<section title="Document History">
[177]	674
[787]	675	<t>[This entire section is to be removed when published as an RFC.]</t>
[177]	676
[787]	677	<section title="Changes between draft-sayre-http-security-variance-00 and
	678	draft-ietf-httpbis-security-properties-00">
[177]	679
[787]	680	<t>Changed the authors to Paul Hoffman and Alexey Melnikov, with permission
	681	of Rob Sayre.</t>
[177]	682
[787]	683	<t>Made lots of minor editorial changes.</t>
[177]	684
[787]	685	<t>Removed what was section 2 (Requirements Notation), the reference
	686	to RFC 2119, and any use of 2119ish all-caps words.</t>
[177]	687
[787]	688	<t>In 3.2.1 and 3.2.2, changed "Latin-1 range" to "ISO 8859-1
	689	repertoire" to match the definition of "TEXT" in RFC 2616.</t>
[278]	690
[787]	691	<t>Added minor text to the Security Considerations section.</t>
[216]	692
[787]	693	<t>Added URLs to the two non-RFC references.</t>
[216]	694
[787]	695	</section>
[216]	696
	697
[787]	698	<section title="Changes between -00 and -01">
[216]	699
[787]	700	<t>Fixed some editorial nits reported by Iain Calder.</t>
	701
	702	<t>Added the suggestions about splitting for browsers and
	703	automation, and about adding NTLM, to be beginning of 2.</t>
	704
	705	<t>In 2.1, added "that involves a human
	706	using a web browser" in the first sentence.</t>
	707
	708	<t>In 2.1, changed "session key" to "session identifier".</t>
	709
	710	<t>In 2.2.2, changed
[216]	711	<figure><artwork><![CDATA[
	712	Digest includes many modes of operation, but only the simplest modes
	713	enjoy any degree of interoperability. For example, most
	714	implementations do not implement the mode that provides full message
	715	integrity. Additionally, implementation experience has shown that
	716	the message integrity mode is impractical because it requires servers
	717	to analyze the full request before determining whether the client
	718	knows the shared secret.
	719	]]></artwork></figure>
[787]	720	to
[216]	721	<figure><artwork><![CDATA[
	722	Digest includes many modes of operation, but only the simplest
	723	modes enjoy any degree of interoperability. For example, most
	724	implementations do not implement the mode that provides full message
	725	integrity. Perhaps one reason is that implementation experience has
	726	shown that in some cases, especially those involving large requests
	727	or responses such as streams, the message integrity mode is
	728	impractical because it requires servers to analyze the full request
	729	before determining whether the client knows the shared secret or
	730	whether message-body integrity has been violated and hence whether
	731	the request can be processed.
	732	]]></artwork></figure>
	733	</t>
	734
[787]	735	<t>In 2.4, asked for a definition of "Web Services".</t>
[216]	736
[787]	737	<t>In A, added the WG.</t>
[216]	738
[787]	739	</section>
[177]	740
[278]	741
[787]	742	<section title="Changes between -01 and -02">
[278]	743
[787]	744	<t>In section 2.1, added more to the paragraph on auto-completion of
	745	HTML forms.</t>
[278]	746
[787]	747	<t>Added the section on TLS for authentication.</t>
[278]	748
[787]	749	<t>Filled in section 2.5.</t>
[278]	750
[787]	751	</section>
[216]	752
[278]	753
[787]	754	<section title="Changes between -02 and -03">
[278]	755
[787]	756	<t>
	757	Changed IPR licensing from "full3978" to "pre5378Trust200902".
	758	</t>
[177]	759
[787]	760	</section>
	761
	762
	763	<section title="Changes between -03 and -04">
	764
	765	<t>
	766	Changed authors to be
	767	Jeff Hodges (JH) and Barry Leiba (BL)
	768	with permission of Paul
	769	Hoffman, Alexey Melnikov, and Mark Nottingham
	770	(httpbis chair).
	771	</t>
	772
	773	<t>
	774	Added "OVERALL ISSUE" to introduction.
	775	</t>
	776
	777	<t>
	778	Added links to email messages on mailing list(s) where
	779	various suggestions for this document were brought up. I.e.
	780	added various links to those comments herein
	781	delimited by "[[...]]" braces.
	782	</t>
	783
	784	<t>
	785	Noted JH's belief that "HTTP+HTML Form based authentication"
	786	aka "Forms And Cookies" doesn't properly belong in
	787	the section where it presently resides. Added link to httpstate WG.
	788	</t>
	789
	790	<t>
	791	Added references to OAuth. Section needs to be filled-in as yet.
	792	</t>
	793
	794	<t>
	795	Moved ref to RFC2109 to new "Informative References" section, and
	796	added a placeholder "IANA Considerations" section in order
	797	to satisfy IDnits checking.
	798	</t>
	799
	800
	801	</section>
	802
[789]	803	<section title="Changes between -04 and -05">
	804
	805	<t>
	806	Fixed incorrect <date> year from 2009 to 2010. mea culpa.
	807	</t>
	808
	809	</section>
	810
[787]	811	</section>
	812
	813	</back>
	814
[177]	815	</rfc>
[787]	816
	817
	818	<!-- PLEASE DO NOT DELETE!!! The below is used by XEmacs XML major-mode -->
	819	<!--
	820	Local Variables:
	821	mode: xml
	822	indent-tabs-mode:nil
	823	sgml-omittag:t
	824	sgml-shorttag:t
	825	sgml-namecase-general:t
	826	sgml-general-insert-case:lower
	827	sgml-minimize-attributes:nil
	828	sgml-always-quote-attributes:t
	829	sgml-indent-step:4
	830	sgml-indent-data:t
	831	sgml-parent-document:nil
	832	sgml-exposed-tags:nil
	833	sgml-local-catalogs:nil
	834	sgml-local-ecat-files:nil
	835	End:
	836	-->
	837	<!-- PLEASE DO NOT DELETE!!! The above is used by XEmacs XML major-mode -->
	838

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: draft-ietf-httpbis-security-properties/latest/draft-ietf-httpbis-security-properties.xml @ 1928

Download in other formats: