source: draft-ietf-httpbis/latest/auth48/rfc7230.abdiff.txt @ 2666

Last change on this file since 2666 was 2666, checked in by julian.reschke@…, 6 years ago

quoting, punctuation (#553)

File size: 32.2 KB
Rev  Line
[2631]1
2INTRODUCTION, paragraph 1:
3OLD:
4
5 HTTPbis Working Group                                   R. Fielding, Ed.
6 Internet-Draft                                                     Adobe
[2634]7 Obsoletes: 2145, 2616                                    J. Reschke, Ed.
8 (if approved)                                                 greenbytes
[2666]9 Updates: 2817, 2818 (if approved)                           May 12, 2014
[2634]10 Intended status: Standards Track
[2666]11 Expires: November 13, 2014
[2631]12
13NEW:
14
15 Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
16 Request for Comments: 7230                                         Adobe
17 Obsoletes: 2145, 2616                                    J. Reschke, Ed.
18 Updates: 2817, 2818                                           greenbytes
19 Category: Standards Track                                       May 2014
20 ISSN: 2070-1721
21
22
23INTRODUCTION, paragraph 2:
24OLD:
25
26    Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
27                  draft-ietf-httpbis-p1-messaging-latest
28
29NEW:
30
31    Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
32
33
34INTRODUCTION, paragraph 5:
35OLD:
36
37 Editorial Note (To be removed by RFC Editor)
38 
39    Discussion of this draft takes place on the HTTPBIS working group
40    mailing list (ietf-http-wg@w3.org), which is archived at
41    <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
42 
43    The current issues list is at
44    <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
45    documents (including fancy diffs) can be found at
46    <http://tools.ietf.org/wg/httpbis/>.
47 
[2632]48    _This is a temporary document for the purpose of tracking the
49    editorial changes made during the AUTH48 (RFC publication) phase._
[2631]50 
51 Status of This Memo
52
53NEW:
54
55 Status of This Memo
56
57
58INTRODUCTION, paragraph 6:
59OLD:
60
61    This Internet-Draft is submitted in full conformance with the
62    provisions of BCP 78 and BCP 79.
[2632]63 
64    Internet-Drafts are working documents of the Internet Engineering
65    Task Force (IETF).  Note that other groups may also distribute
66    working documents as Internet-Drafts.  The list of current Internet-
67    Drafts is at http://datatracker.ietf.org/drafts/current/.
[2631]68
69NEW:
70
71    This is an Internet Standards Track document.
72
73
74INTRODUCTION, paragraph 7:
75OLD:
76
[2632]77    Internet-Drafts are draft documents valid for a maximum of six months
78    and may be updated, replaced, or obsoleted by other documents at any
79    time.  It is inappropriate to use Internet-Drafts as reference
80    material or to cite them other than as "work in progress."
[2631]81
82NEW:
83
84    This document is a product of the Internet Engineering Task Force
85    (IETF).  It represents the consensus of the IETF community.  It has
86    received public review and has been approved for publication by the
87    Internet Engineering Steering Group (IESG).  Further information on
88    Internet Standards is available in Section 2 of RFC 5741.
89
90
91INTRODUCTION, paragraph 8:
92OLD:
93
[2666]94    This Internet-Draft will expire on November 13, 2014.
[2631]95
96NEW:
97
98    Information about the current status of this document, any errata,
99    and how to provide feedback on it may be obtained at
100    http://www.rfc-editor.org/info/rfc7230.
101
102
103Section 11., paragraph 0:
104OLD:
105
106    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
[2633]107      1.1.  Requirements Notation  . . . . . . . . . . . . . . . . . .  6
[2631]108      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
109    2.  Architecture . . . . . . . . . . . . . . . . . . . . . . . . .  6
110      2.1.  Client/Server Messaging  . . . . . . . . . . . . . . . . .  7
111      2.2.  Implementation Diversity . . . . . . . . . . . . . . . . .  8
112      2.3.  Intermediaries . . . . . . . . . . . . . . . . . . . . . .  9
113      2.4.  Caches . . . . . . . . . . . . . . . . . . . . . . . . . . 11
114      2.5.  Conformance and Error Handling . . . . . . . . . . . . . . 12
115      2.6.  Protocol Versioning  . . . . . . . . . . . . . . . . . . . 13
116      2.7.  Uniform Resource Identifiers . . . . . . . . . . . . . . . 16
[2633]117        2.7.1.  http URI Scheme  . . . . . . . . . . . . . . . . . . . 16
118        2.7.2.  https URI Scheme . . . . . . . . . . . . . . . . . . . 18
[2631]119        2.7.3.  http and https URI Normalization and Comparison  . . . 19
[2634]120 
[2631]121    3.  Message Format . . . . . . . . . . . . . . . . . . . . . . . . 19
122      3.1.  Start Line . . . . . . . . . . . . . . . . . . . . . . . . 20
123        3.1.1.  Request Line . . . . . . . . . . . . . . . . . . . . . 21
124        3.1.2.  Status Line  . . . . . . . . . . . . . . . . . . . . . 22
125      3.2.  Header Fields  . . . . . . . . . . . . . . . . . . . . . . 22
126        3.2.1.  Field Extensibility  . . . . . . . . . . . . . . . . . 23
127        3.2.2.  Field Order  . . . . . . . . . . . . . . . . . . . . . 23
128        3.2.3.  Whitespace . . . . . . . . . . . . . . . . . . . . . . 24
[2660]129        3.2.4.  Field Parsing  . . . . . . . . . . . . . . . . . . . . 24
[2631]130        3.2.5.  Field Limits . . . . . . . . . . . . . . . . . . . . . 26
[2633]131        3.2.6.  Field Value Components . . . . . . . . . . . . . . . . 26
[2631]132      3.3.  Message Body . . . . . . . . . . . . . . . . . . . . . . . 27
133        3.3.1.  Transfer-Encoding  . . . . . . . . . . . . . . . . . . 28
[2660]134        3.3.2.  Content-Length . . . . . . . . . . . . . . . . . . . . 29
[2631]135        3.3.3.  Message Body Length  . . . . . . . . . . . . . . . . . 31
136      3.4.  Handling Incomplete Messages . . . . . . . . . . . . . . . 33
137      3.5.  Message Parsing Robustness . . . . . . . . . . . . . . . . 34
[2660]138    4.  Transfer Codings . . . . . . . . . . . . . . . . . . . . . . . 34
[2631]139      4.1.  Chunked Transfer Coding  . . . . . . . . . . . . . . . . . 35
140        4.1.1.  Chunk Extensions . . . . . . . . . . . . . . . . . . . 36
141        4.1.2.  Chunked Trailer Part . . . . . . . . . . . . . . . . . 36
142        4.1.3.  Decoding Chunked . . . . . . . . . . . . . . . . . . . 37
[2660]143      4.2.  Compression Codings  . . . . . . . . . . . . . . . . . . . 37
[2631]144        4.2.1.  Compress Coding  . . . . . . . . . . . . . . . . . . . 38
145        4.2.2.  Deflate Coding . . . . . . . . . . . . . . . . . . . . 38
146        4.2.3.  Gzip Coding  . . . . . . . . . . . . . . . . . . . . . 38
147      4.3.  TE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
148      4.4.  Trailer  . . . . . . . . . . . . . . . . . . . . . . . . . 39
[2660]149    5.  Message Routing  . . . . . . . . . . . . . . . . . . . . . . . 39
[2631]150      5.1.  Identifying a Target Resource  . . . . . . . . . . . . . . 40
151      5.2.  Connecting Inbound . . . . . . . . . . . . . . . . . . . . 40
152      5.3.  Request Target . . . . . . . . . . . . . . . . . . . . . . 41
153        5.3.1.  origin-form  . . . . . . . . . . . . . . . . . . . . . 41
[2660]154        5.3.2.  absolute-form  . . . . . . . . . . . . . . . . . . . . 41
[2631]155        5.3.3.  authority-form . . . . . . . . . . . . . . . . . . . . 42
156        5.3.4.  asterisk-form  . . . . . . . . . . . . . . . . . . . . 42
157      5.4.  Host . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
158      5.5.  Effective Request URI  . . . . . . . . . . . . . . . . . . 44
159      5.6.  Associating a Response to a Request  . . . . . . . . . . . 46
160      5.7.  Message Forwarding . . . . . . . . . . . . . . . . . . . . 46
[2660]161        5.7.1.  Via  . . . . . . . . . . . . . . . . . . . . . . . . . 46
[2631]162        5.7.2.  Transformations  . . . . . . . . . . . . . . . . . . . 48
163    6.  Connection Management  . . . . . . . . . . . . . . . . . . . . 49
164      6.1.  Connection . . . . . . . . . . . . . . . . . . . . . . . . 50
165      6.2.  Establishment  . . . . . . . . . . . . . . . . . . . . . . 51
[2660]166      6.3.  Persistence  . . . . . . . . . . . . . . . . . . . . . . . 51
167        6.3.1.  Retrying Requests  . . . . . . . . . . . . . . . . . . 52
[2631]168        6.3.2.  Pipelining . . . . . . . . . . . . . . . . . . . . . . 53
[2634]169 
[2631]170      6.4.  Concurrency  . . . . . . . . . . . . . . . . . . . . . . . 54
[2642]171      6.5.  Failures and Timeouts  . . . . . . . . . . . . . . . . . . 54
[2631]172      6.6.  Tear-down  . . . . . . . . . . . . . . . . . . . . . . . . 55
173      6.7.  Upgrade  . . . . . . . . . . . . . . . . . . . . . . . . . 56
[2633]174    7.  ABNF List Extension: #rule . . . . . . . . . . . . . . . . . . 58
[2660]175    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 59
176      8.1.  Header Field Registration  . . . . . . . . . . . . . . . . 59
[2631]177      8.2.  URI Scheme Registration  . . . . . . . . . . . . . . . . . 60
[2660]178      8.3.  Internet Media Type Registration . . . . . . . . . . . . . 60
[2631]179        8.3.1.  Internet Media Type message/http . . . . . . . . . . . 61
180        8.3.2.  Internet Media Type application/http . . . . . . . . . 62
181      8.4.  Transfer Coding Registry . . . . . . . . . . . . . . . . . 63
182        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 63
183        8.4.2.  Registration . . . . . . . . . . . . . . . . . . . . . 64
184      8.5.  Content Coding Registration  . . . . . . . . . . . . . . . 64
[2660]185      8.6.  Upgrade Token Registry . . . . . . . . . . . . . . . . . . 64
[2631]186        8.6.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 65
[2660]187        8.6.2.  Upgrade Token Registration . . . . . . . . . . . . . . 65
[2631]188    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 66
189      9.1.  Establishing Authority . . . . . . . . . . . . . . . . . . 66
190      9.2.  Risks of Intermediaries  . . . . . . . . . . . . . . . . . 67
[2660]191      9.3.  Attacks via Protocol Element Length  . . . . . . . . . . . 67
[2631]192      9.4.  Response Splitting . . . . . . . . . . . . . . . . . . . . 68
193      9.5.  Request Smuggling  . . . . . . . . . . . . . . . . . . . . 69
194      9.6.  Message Integrity  . . . . . . . . . . . . . . . . . . . . 69
[2660]195      9.7.  Message Confidentiality  . . . . . . . . . . . . . . . . . 69
[2631]196      9.8.  Privacy of Server Log Information  . . . . . . . . . . . . 70
[2660]197    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 70
[2631]198    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72
199      11.1. Normative References . . . . . . . . . . . . . . . . . . . 72
[2660]200      11.2. Informative References . . . . . . . . . . . . . . . . . . 73
201    Appendix A.  HTTP Version History  . . . . . . . . . . . . . . . . 75
202      A.1.  Changes from HTTP/1.0  . . . . . . . . . . . . . . . . . . 76
203        A.1.1.  Multi-homed Web Servers  . . . . . . . . . . . . . . . 76
[2631]204        A.1.2.  Keep-Alive Connections . . . . . . . . . . . . . . . . 77
[2660]205        A.1.3.  Introduction of Transfer-Encoding  . . . . . . . . . . 77
206      A.2.  Changes from RFC 2616  . . . . . . . . . . . . . . . . . . 77
[2631]207    Appendix B.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 80
[2632]208    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
[2631]209
210NEW:
211
212    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
213      1.1.  Requirements Notation  . . . . . . . . . . . . . . . . . .  6
214      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
215    2.  Architecture . . . . . . . . . . . . . . . . . . . . . . . . .  6
216      2.1.  Client/Server Messaging  . . . . . . . . . . . . . . . . .  7
217      2.2.  Implementation Diversity . . . . . . . . . . . . . . . . .  8
218      2.3.  Intermediaries . . . . . . . . . . . . . . . . . . . . . .  9
219      2.4.  Caches . . . . . . . . . . . . . . . . . . . . . . . . . . 11
220      2.5.  Conformance and Error Handling . . . . . . . . . . . . . . 12
221      2.6.  Protocol Versioning  . . . . . . . . . . . . . . . . . . . 13
222      2.7.  Uniform Resource Identifiers . . . . . . . . . . . . . . . 16
223        2.7.1.  http URI Scheme  . . . . . . . . . . . . . . . . . . . 16
224        2.7.2.  https URI Scheme . . . . . . . . . . . . . . . . . . . 18
225        2.7.3.  http and https URI Normalization and Comparison  . . . 19
226    3.  Message Format . . . . . . . . . . . . . . . . . . . . . . . . 19
227      3.1.  Start Line . . . . . . . . . . . . . . . . . . . . . . . . 20
228        3.1.1.  Request Line . . . . . . . . . . . . . . . . . . . . . 21
229        3.1.2.  Status Line  . . . . . . . . . . . . . . . . . . . . . 22
230      3.2.  Header Fields  . . . . . . . . . . . . . . . . . . . . . . 22
231        3.2.1.  Field Extensibility  . . . . . . . . . . . . . . . . . 23
232        3.2.2.  Field Order  . . . . . . . . . . . . . . . . . . . . . 23
233        3.2.3.  Whitespace . . . . . . . . . . . . . . . . . . . . . . 24
[2665]234        3.2.4.  Field Parsing  . . . . . . . . . . . . . . . . . . . . 24
[2631]235        3.2.5.  Field Limits . . . . . . . . . . . . . . . . . . . . . 26
236        3.2.6.  Field Value Components . . . . . . . . . . . . . . . . 26
237      3.3.  Message Body . . . . . . . . . . . . . . . . . . . . . . . 27
238        3.3.1.  Transfer-Encoding  . . . . . . . . . . . . . . . . . . 28
[2665]239        3.3.2.  Content-Length . . . . . . . . . . . . . . . . . . . . 29
[2631]240        3.3.3.  Message Body Length  . . . . . . . . . . . . . . . . . 31
241      3.4.  Handling Incomplete Messages . . . . . . . . . . . . . . . 33
242      3.5.  Message Parsing Robustness . . . . . . . . . . . . . . . . 34
[2665]243    4.  Transfer Codings . . . . . . . . . . . . . . . . . . . . . . . 34
[2631]244      4.1.  Chunked Transfer Coding  . . . . . . . . . . . . . . . . . 35
245        4.1.1.  Chunk Extensions . . . . . . . . . . . . . . . . . . . 36
246        4.1.2.  Chunked Trailer Part . . . . . . . . . . . . . . . . . 36
247        4.1.3.  Decoding Chunked . . . . . . . . . . . . . . . . . . . 37
[2665]248      4.2.  Compression Codings  . . . . . . . . . . . . . . . . . . . 37
[2631]249        4.2.1.  Compress Coding  . . . . . . . . . . . . . . . . . . . 38
250        4.2.2.  Deflate Coding . . . . . . . . . . . . . . . . . . . . 38
251        4.2.3.  Gzip Coding  . . . . . . . . . . . . . . . . . . . . . 38
252      4.3.  TE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
253      4.4.  Trailer  . . . . . . . . . . . . . . . . . . . . . . . . . 39
[2665]254    5.  Message Routing  . . . . . . . . . . . . . . . . . . . . . . . 39
[2631]255      5.1.  Identifying a Target Resource  . . . . . . . . . . . . . . 40
256      5.2.  Connecting Inbound . . . . . . . . . . . . . . . . . . . . 40
257      5.3.  Request Target . . . . . . . . . . . . . . . . . . . . . . 41
258        5.3.1.  origin-form  . . . . . . . . . . . . . . . . . . . . . 41
[2665]259        5.3.2.  absolute-form  . . . . . . . . . . . . . . . . . . . . 41
[2631]260        5.3.3.  authority-form . . . . . . . . . . . . . . . . . . . . 42
261        5.3.4.  asterisk-form  . . . . . . . . . . . . . . . . . . . . 42
262      5.4.  Host . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
263      5.5.  Effective Request URI  . . . . . . . . . . . . . . . . . . 44
264      5.6.  Associating a Response to a Request  . . . . . . . . . . . 46
265      5.7.  Message Forwarding . . . . . . . . . . . . . . . . . . . . 46
[2665]266        5.7.1.  Via  . . . . . . . . . . . . . . . . . . . . . . . . . 46
[2631]267        5.7.2.  Transformations  . . . . . . . . . . . . . . . . . . . 48
268    6.  Connection Management  . . . . . . . . . . . . . . . . . . . . 49
269      6.1.  Connection . . . . . . . . . . . . . . . . . . . . . . . . 50
270      6.2.  Establishment  . . . . . . . . . . . . . . . . . . . . . . 51
[2665]271      6.3.  Persistence  . . . . . . . . . . . . . . . . . . . . . . . 51
272        6.3.1.  Retrying Requests  . . . . . . . . . . . . . . . . . . 52
[2631]273        6.3.2.  Pipelining . . . . . . . . . . . . . . . . . . . . . . 53
274      6.4.  Concurrency  . . . . . . . . . . . . . . . . . . . . . . . 54
275      6.5.  Failures and Timeouts  . . . . . . . . . . . . . . . . . . 54
[2665]276      6.6.  Tear-down  . . . . . . . . . . . . . . . . . . . . . . . . 55
[2631]277      6.7.  Upgrade  . . . . . . . . . . . . . . . . . . . . . . . . . 56
278    7.  ABNF List Extension: #rule . . . . . . . . . . . . . . . . . . 58
[2665]279    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 59
280      8.1.  Header Field Registration  . . . . . . . . . . . . . . . . 59
[2631]281      8.2.  URI Scheme Registration  . . . . . . . . . . . . . . . . . 60
[2665]282      8.3.  Internet Media Type Registration . . . . . . . . . . . . . 60
[2631]283        8.3.1.  Internet Media Type message/http . . . . . . . . . . . 61
284        8.3.2.  Internet Media Type application/http . . . . . . . . . 62
285      8.4.  Transfer Coding Registry . . . . . . . . . . . . . . . . . 63
286        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 63
287        8.4.2.  Registration . . . . . . . . . . . . . . . . . . . . . 64
288      8.5.  Content Coding Registration  . . . . . . . . . . . . . . . 64
[2665]289      8.6.  Upgrade Token Registry . . . . . . . . . . . . . . . . . . 64
[2631]290        8.6.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 65
[2665]291        8.6.2.  Upgrade Token Registration . . . . . . . . . . . . . . 65
[2631]292    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 66
293      9.1.  Establishing Authority . . . . . . . . . . . . . . . . . . 66
294      9.2.  Risks of Intermediaries  . . . . . . . . . . . . . . . . . 67
[2665]295      9.3.  Attacks via Protocol Element Length  . . . . . . . . . . . 67
[2631]296      9.4.  Response Splitting . . . . . . . . . . . . . . . . . . . . 68
297      9.5.  Request Smuggling  . . . . . . . . . . . . . . . . . . . . 69
298      9.6.  Message Integrity  . . . . . . . . . . . . . . . . . . . . 69
[2665]299      9.7.  Message Confidentiality  . . . . . . . . . . . . . . . . . 69
[2631]300      9.8.  Privacy of Server Log Information  . . . . . . . . . . . . 70
[2665]301    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 70
[2631]302    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72
303      11.1. Normative References . . . . . . . . . . . . . . . . . . . 72
[2665]304      11.2. Informative References . . . . . . . . . . . . . . . . . . 73
305    Appendix A.  HTTP Version History  . . . . . . . . . . . . . . . . 75
[2631]306      A.1.  Changes from HTTP/1.0  . . . . . . . . . . . . . . . . . . 76
[2665]307        A.1.1.  Multihomed Web Servers . . . . . . . . . . . . . . . . 76
308        A.1.2.  Keep-Alive Connections . . . . . . . . . . . . . . . . 76
309        A.1.3.  Introduction of Transfer-Encoding  . . . . . . . . . . 77
310      A.2.  Changes from RFC 2616  . . . . . . . . . . . . . . . . . . 77
311    Appendix B.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 79
[2631]312    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
313
314
315Section 3.2.4., paragraph 8:
316OLD:
317
[2649]318    Historically, HTTP has allowed field content with text in the
319    ISO-8859-1 charset [ISO-8859-1], supporting other charsets only
320    through use of [RFC2047] encoding.  In practice, most HTTP header
321    field values use only a subset of the US-ASCII charset [USASCII].
322    Newly defined header fields SHOULD limit their field values to
323    US-ASCII octets.  A recipient SHOULD treat other octets in field
324    content (obs-text) as opaque data.
[2631]325
326NEW:
327
328    Historically, HTTP has allowed field content with text in the
[2665]329    ISO-8859-charset [ISO-8859-1], supporting other charsets only through
330    use of [RFC2047] encoding.  In practice, most HTTP header field
331    values use only a subset of the US-ASCII charset [USASCII].  Newly
332    defined header fields SHOULD limit their field values to US-ASCII
333    octets.  A recipient SHOULD treat other octets in field content
334    (obs-text) as opaque data.
[2631]335
336
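Review bot: the NEW text reads "ISO-8859-charset [ISO-8859-1]" where OLD had "ISO-8859-1 charset [ISO-8859-1]", so the charset name has lost its "1" and gained a stray hyphen. The rest of the paragraph is only reflowed, so this looks like an accidental edit rather than an intended wording change; restore "ISO-8859-1 charset" in the NEW text.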
[2665]337Section 3.3., paragraph 4:
[2631]338OLD:
339
[2665]340    The presence of a message body in a request is signaled by a Content-
341    Length or Transfer-Encoding header field.  Request message framing is
342    independent of method semantics, even if the method does not define
343    any use for a message body.
[2631]344
345NEW:
346
[2665]347    The presence of a message body in a request is signaled by a
348    "Content-Length" or Transfer-Encoding header field.  Request message
349    framing is independent of method semantics, even if the method does
350    not define any use for a message body.
[2631]351
352
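Review bot: NEW quotes "Content-Length" but leaves Transfer-Encoding unquoted in the same sentence, and the other field names in the NEW text of this diff (Cache-Control, Warning) are also unquoted. If the quotes are only there to stop the name breaking at its hyphen, as it does across the line end in OLD ("Content-" / "Length"), keep the name on one line by reflowing instead; otherwise quote both field names so the sentence is consistent.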
353Section 5.7.2., paragraph 6:
354OLD:
355
356    A proxy MUST NOT transform the payload (Section 3.3 of [RFC7231]) of
357    a message that contains a no-transform cache-control directive
358    (Section 5.2 of [RFC7234]).
359
360NEW:
361
362    A proxy MUST NOT transform the payload (Section 3.3 of [RFC7231]) of
363    a message that contains a no-transform Cache-Control directive
364    (Section 5.2 of [RFC7234]).
365
366
367Section 200, paragraph 0:
368OLD:
369
370    A proxy MAY transform the payload of a message that does not contain
371    a no-transform cache-control directive.  A proxy that transforms a
372    payload MUST add a Warning header field with the warn-code of 214
373    ("Transformation Applied") if one is not already in the message (see
374    Section 5.5 of [RFC7234]).  A proxy that transforms the payload of a
375    200 (OK) response can further inform downstream recipients that a
376    transformation has been applied by changing the response status code
377    to 203 (Non-Authoritative Information) (Section 6.3.4 of [RFC7231]).
378
379NEW:
380
381    A proxy MAY transform the payload of a message that does not contain
382    a no-transform Cache-Control directive.  A proxy that transforms a
383    payload MUST add a Warning header field with the warn-code of 214
384    ("Transformation Applied") if one is not already in the message (see
385    Section 5.5 of [RFC7234]).  A proxy that transforms the payload of a
386    200 (OK) response can further inform downstream recipients that a
387    transformation has been applied by changing the response status code
388    to 203 (Non-Authoritative Information) (Section 6.3.4 of [RFC7231]).
389
390
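Review bot: the hunk label "Section 200, paragraph 0" does not match any section in the table of contents shown earlier in this diff. The paragraph contains a line that begins "200 (OK) response", which suggests the comparison tool read that line as a section heading; the text continues the no-transform discussion of the preceding Section 5.7.2 hunk and should be reviewed as part of it. The change itself (cache-control to Cache-Control) is consistent with that preceding hunk.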
391Section 9.2., paragraph 1:
392OLD:
393
[2666]394    By their very nature, HTTP intermediaries are men-in-the-middle and,
395    thus, represent an opportunity for man-in-the-middle attacks.
[2631]396    Compromise of the systems on which the intermediaries run can result
397    in serious security and privacy problems.  Intermediaries might have
398    access to security-related information, personal information about
399    individual users and organizations, and proprietary information
400    belonging to users and content providers.  A compromised
401    intermediary, or an intermediary implemented or configured without
402    regard to security and privacy considerations, might be used in the
403    commission of a wide range of potential attacks.
404
405NEW:
406
407    By their very nature, HTTP intermediaries are men in the middle and,
408    thus, represent an opportunity for man-in-the-middle attacks.
409    Compromise of the systems on which the intermediaries run can result
410    in serious security and privacy problems.  Intermediaries might have
411    access to security-related information, personal information about
412    individual users and organizations, and proprietary information
413    belonging to users and content providers.  A compromised
414    intermediary, or an intermediary implemented or configured without
415    regard to security and privacy considerations, might be used in the
416    commission of a wide range of potential attacks.
417
418
[2665]419Section 11.1., paragraph 8:
[2631]420OLD:
421
422    [RFC7231]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
423                  Transfer Protocol (HTTP/1.1): Semantics and Content",
424                  draft-ietf-httpbis-p2-semantics-latest (work in
425                  progress), May 2014.
426
427NEW:
428
429    [RFC7231]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
430                  Transfer Protocol (HTTP/1.1): Semantics and Content",
431                  RFC 7231, May 2014.
432
433
[2665]434Section 11.1., paragraph 9:
[2631]435OLD:
436
437    [RFC7232]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
438                  Transfer Protocol (HTTP/1.1): Conditional Requests",
439                  draft-ietf-httpbis-p4-conditional-latest (work in
440                  progress), May 2014.
441
442NEW:
443
444    [RFC7232]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
445                  Transfer Protocol (HTTP/1.1): Conditional Requests",
446                  RFC 7232, May 2014.
447
448
[2665]449Section 11.1., paragraph 10:
[2631]450OLD:
451
452    [RFC7233]     Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
453                  "Hypertext Transfer Protocol (HTTP/1.1): Range
454                  Requests", draft-ietf-httpbis-p5-range-latest (work in
455                  progress), May 2014.
456
457NEW:
458
459    [RFC7233]     Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
460                  "Hypertext Transfer Protocol (HTTP/1.1): Range
461                  Requests", RFC 7233, May 2014.
462
463
[2665]464Section 11.1., paragraph 11:
[2631]465OLD:
466
467    [RFC7234]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
468                  Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
469                  draft-ietf-httpbis-p6-cache-latest (work in progress),
470                  May 2014.
471
472NEW:
473
474    [RFC7234]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
475                  Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
476                  RFC 7234, May 2014.
477
478
[2665]479Section 11.1., paragraph 12:
[2631]480OLD:
481
482    [RFC7235]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
483                  Transfer Protocol (HTTP/1.1): Authentication",
484                  draft-ietf-httpbis-p7-auth-latest (work in progress),
485                  May 2014.
486
487NEW:
488
489    [RFC7235]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
490                  Transfer Protocol (HTTP/1.1): Authentication",
491                  RFC 7235, May 2014.
492
493
494Appendix A., paragraph 7:
495OLD:
496
497 A.1.1.  Multi-homed Web Servers
498
499NEW:
500
501 A.1.1.  Multihomed Web Servers
502
503
504Section 19.7.1, paragraph 9:
505OLD:
506
507    The HTTP-version ABNF production has been clarified to be case-
[2647]508    sensitive.  Additionally, version numbers have been restricted to
[2631]509    single digits, due to the fact that implementations are known to
510    handle multi-digit version numbers incorrectly.  (Section 2.6)
[2660]511    Userinfo (i.e., username and password) are now disallowed in HTTP and
512    HTTPS URIs, because of security issues related to their transmission
513    on the wire.  (Section 2.7.1)
[2631]514
515NEW:
516
[2665]517    The HTTP-version ABNF production has been clarified to be case-
[2631]518    sensitive.  Additionally, version numbers have been restricted to
519    single digits, due to the fact that implementations are known to
[2665]520    handle multi-digit version numbers incorrectly.  (Section 2.6)
[2660]521 
[2631]522    Userinfo (i.e., username and password) are now disallowed in HTTP and
523    HTTPS URIs, because of security issues related to their transmission
[2665]524    on the wire.  (Section 2.7.1)
[2631]525
526
527Section 19.7.1, paragraph 20:
528OLD:
529
530    The meaning of the "deflate" content coding has been clarified.
531    (Section 4.2.2)
[2665]532 
[2631]533    The segment + query components of RFC 3986 have been used to define
534    the request-target, instead of abs_path from RFC 1808.  The asterisk-
535    form of the request-target is only allowed with the OPTIONS method.
536    (Section 5.3)
537
538NEW:
539
[2665]540    The meaning of the "deflate" content coding has been clarified.
541    (Section 4.2.2)
[2631]542    The segment + query components of RFC 3986 have been used to define
543    the request-target, instead of abs_path from RFC 1808.  The asterisk-
[2665]544    form of the request-target is only allowed with the OPTIONS method.
545    (Section 5.3)
[2631]546
547
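Review bot: NEW drops the blank line after "(Section 4.2.2)", so the note about the "deflate" content coding and the note about the request-target (Section 5.3) now run together as one paragraph. They describe unrelated changes and each ends with its own section reference, and the paragraph 9 hunk just above goes the other way by adding a blank line between two such notes. Keep the separator here unless the difference is only a page-break artifact of the comparison.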
[2665]548Appendix B., paragraph 2:
[2631]549OLD:
550
[2665]551    Connection = *( "," OWS ) connection-option *( OWS "," [ OWS
552     connection-option ] )
553    Content-Length = 1*DIGIT
[2631]554
555NEW:
556
[2665]557    Connection = *( "," OWS ) connection-option *( OWS "," [ OWS
558     connection-option ] )
559 
560    Content-Length = 1*DIGIT
[2631]561
562
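Review bot: the only difference in this hunk is a blank line inserted between the Connection rule and "Content-Length = 1*DIGIT" in NEW, while the next Appendix B hunk removes a blank line between status-line and t-codings. Neither changes the grammar. Confirm both are pagination artifacts and not intended regrouping of the collected ABNF; if they are artifacts, excluding whitespace-only differences from the comparison would keep the substantive AUTH48 changes easier to spot.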
[2665]563Appendix B., paragraph 19:
[2631]564OLD:
565
[2665]566    scheme = <scheme, defined in [RFC3986], Section 3.1>
567    segment = <segment, defined in [RFC3986], Section 3.3>
568    start-line = request-line / status-line
569    status-code = 3DIGIT
570    status-line = HTTP-version SP status-code SP reason-phrase CRLF
[2631]571 
[2665]572    t-codings = "trailers" / ( transfer-coding [ t-ranking ] )
573    t-ranking = OWS ";" OWS "q=" rank
574    tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
575     "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
576    token = 1*tchar
577    trailer-part = *( header-field CRLF )
578    transfer-coding = "chunked" / "compress" / "deflate" / "gzip" /
579     transfer-extension
580    transfer-extension = token *( OWS ";" OWS transfer-parameter )
581    transfer-parameter = token BWS "=" BWS ( token / quoted-string )
[2631]582
583NEW:
584
[2665]585    scheme = <scheme, defined in [RFC3986], Section 3.1>
586    segment = <segment, defined in [RFC3986], Section 3.3>
587    start-line = request-line / status-line
588    status-code = 3DIGIT
589    status-line = HTTP-version SP status-code SP reason-phrase CRLF
590    t-codings = "trailers" / ( transfer-coding [ t-ranking ] )
591    t-ranking = OWS ";" OWS "q=" rank
592    tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
593     "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
594    token = 1*tchar
595    trailer-part = *( header-field CRLF )
596    transfer-coding = "chunked" / "compress" / "deflate" / "gzip" /
597     transfer-extension
598    transfer-extension = token *( OWS ";" OWS transfer-parameter )
599    transfer-parameter = token BWS "=" BWS ( token / quoted-string )
[2631]600
601
[2660]602Appendix B., paragraph 27:
[2631]603OLD:
604
605    G
606       gateway  10
607       Grammar
[2660]608          absolute-form  41
[2631]609          absolute-path  16
610          absolute-URI  16
611          ALPHA  6
612          asterisk-form  41-42
613          authority  16
614          authority-form  41-42
615          BWS  24
616          chunk  35
617          chunk-data  35
618          chunk-ext  35-36
619          chunk-ext-name  36
620          chunk-ext-val  36
621          chunk-size  35
622          chunked-body  35-36
623          comment  27
[2660]624          Connection  50
625          connection-option  50
626          Content-Length  29
[2631]627          CR  6
628          CRLF  6
629          ctext  27
630          CTL  6
631          DIGIT  6
632          DQUOTE  6
633          field-content  22
634          field-name  22, 39
635          field-value  22
636          field-vchar  22
637          fragment  16
638          header-field  22, 36
639          HEXDIG  6
640          Host  43
641          HTAB  6
642          HTTP-message  19
643          HTTP-name  13
644          http-URI  16
645          HTTP-version  13
646          https-URI  18
647          last-chunk  35
648          LF  6
649          message-body  27
650          method  21
651          obs-fold  22
652          obs-text  27
653          OCTET  6
654          origin-form  41
655          OWS  24
656          partial-URI  16
657          port  16
658          protocol-name  47
659          protocol-version  47
660          pseudonym  47
661          qdtext  27
662          query  16
663          quoted-pair  27
664          quoted-string  27
665          rank  38
666          reason-phrase  22
667          received-by  47
668          received-protocol  47
669          request-line  21
670          request-target  41
671          RWS  24
672          scheme  16
673          segment  16
674          SP  6
675          start-line  20
676          status-code  22
677          status-line  22
678          t-codings  38
679          t-ranking  38
[2660]680          tchar  26
[2631]681          TE  38
[2660]682          token  26
[2631]683          Trailer  39
684          trailer-part  35-36
685          transfer-coding  35
686          Transfer-Encoding  28
687          transfer-extension  35
688          transfer-parameter  35
689          Upgrade  56
690          uri-host  16
691          URI-reference  16
692          VCHAR  6
693          Via  47
[2660]694 
[2631]695       gzip (Coding Format)  38
696
697NEW:
698
699    G
700       gateway  10
701       Grammar
[2665]702          absolute-form  41
[2631]703          absolute-path  16
704          absolute-URI  16
705          ALPHA  6
706          asterisk-form  41-42
707          authority  16
708          authority-form  41-42
709          BWS  24
710          chunk  35
711          chunk-data  35
712          chunk-ext  35-36
713          chunk-ext-name  36
714          chunk-ext-val  36
715          chunk-size  35
716          chunked-body  35-36
717          comment  27
[2665]718          Connection  50
719          connection-option  50
720          Content-Length  29
[2631]721          CR  6
722          CRLF  6
723          ctext  27
724          CTL  6
725          DIGIT  6
726          DQUOTE  6
727          field-content  22
728          field-name  22, 39
729          field-value  22
730          field-vchar  22
731          fragment  16
732          header-field  22, 36
733          HEXDIG  6
734          Host  43
735          HTAB  6
736          HTTP-message  19
[2665]737          HTTP-name  13
[2631]738          http-URI  16
[2665]739          HTTP-version  13
[2631]740          https-URI  18
741          last-chunk  35
742          LF  6
743          message-body  27
744          method  21
745          obs-fold  22
746          obs-text  27
747          OCTET  6
748          origin-form  41
749          OWS  24
750          partial-URI  16
751          port  16
752          protocol-name  47
753          protocol-version  47
754          pseudonym  47
755          qdtext  27
756          query  16
757          quoted-pair  27
758          quoted-string  27
759          rank  38
760          reason-phrase  22
761          received-by  47
762          received-protocol  47
763          request-line  21
764          request-target  41
765          RWS  24
766          scheme  16
767          segment  16
768          SP  6
769          start-line  20
770          status-code  22
771          status-line  22
772          t-codings  38
773          t-ranking  38
[2665]774          tchar  26
[2631]775          TE  38
[2665]776          token  26
[2631]777          Trailer  39
778          trailer-part  35-36
779          transfer-coding  35
780          Transfer-Encoding  28
781          transfer-extension  35
782          transfer-parameter  35
783          Upgrade  56
784          uri-host  16
785          URI-reference  16
786          VCHAR  6
787          Via  47
788       gzip (Coding Format)  38
789
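Review bot: this index hunk looks whitespace-only. The only difference I can see between OLD and NEW is the whitespace-only line at OLD line 694, between "Via  47" and "gzip (Coding Format)  38", which NEW drops; the entries and page numbers otherwise match. If that is the intended change, note it as a layout fix in the change record so it is not mistaken for a pagination or index-content edit during AUTH48 checking. Also confirm that "gzip (Coding Format)" still renders at the "Grammar" indent level rather than as a Grammar sub-entry, now that the separator is gone.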