source: draft-ietf-httpbis/latest/auth48/rfc7230.abdiff.txt @ 2665

Last change on this file since 2665 was 2665, checked in by julian.reschke@…, 6 years ago

updated AUTH48 versions of RFC7230 and RFC7231 (#553)

1
2INTRODUCTION, paragraph 1:
3OLD:
4
5 HTTPbis Working Group                                   R. Fielding, Ed.
6 Internet-Draft                                                     Adobe
7 Obsoletes: 2145, 2616                                    J. Reschke, Ed.
8 (if approved)                                                 greenbytes
9 Updates: 2817, 2818 (if approved)                            May 9, 2014
10 Intended status: Standards Track
11 Expires: November 10, 2014
12
13NEW:
14
15 Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
16 Request for Comments: 7230                                         Adobe
17 Obsoletes: 2145, 2616                                    J. Reschke, Ed.
18 Updates: 2817, 2818                                           greenbytes
19 Category: Standards Track                                       May 2014
20 ISSN: 2070-1721
21
22
23INTRODUCTION, paragraph 2:
24OLD:
25
26    Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
27                  draft-ietf-httpbis-p1-messaging-latest
28
29NEW:
30
31    Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
32
33
34INTRODUCTION, paragraph 5:
35OLD:
36
37 Editorial Note (To be removed by RFC Editor)
38 
39    Discussion of this draft takes place on the HTTPBIS working group
40    mailing list (ietf-http-wg@w3.org), which is archived at
41    <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
42 
43    The current issues list is at
44    <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
45    documents (including fancy diffs) can be found at
46    <http://tools.ietf.org/wg/httpbis/>.
47 
48    _This is a temporary document for the purpose of tracking the
49    editorial changes made during the AUTH48 (RFC publication) phase._
50 
51 Status of This Memo
52
53NEW:
54
55 Status of This Memo
56
57
58INTRODUCTION, paragraph 6:
59OLD:
60
61    This Internet-Draft is submitted in full conformance with the
62    provisions of BCP 78 and BCP 79.
63 
64    Internet-Drafts are working documents of the Internet Engineering
65    Task Force (IETF).  Note that other groups may also distribute
66    working documents as Internet-Drafts.  The list of current Internet-
67    Drafts is at http://datatracker.ietf.org/drafts/current/.
68
69NEW:
70
71    This is an Internet Standards Track document.
72
73
74INTRODUCTION, paragraph 7:
75OLD:
76
77    Internet-Drafts are draft documents valid for a maximum of six months
78    and may be updated, replaced, or obsoleted by other documents at any
79    time.  It is inappropriate to use Internet-Drafts as reference
80    material or to cite them other than as "work in progress."
81
82NEW:
83
84    This document is a product of the Internet Engineering Task Force
85    (IETF).  It represents the consensus of the IETF community.  It has
86    received public review and has been approved for publication by the
87    Internet Engineering Steering Group (IESG).  Further information on
88    Internet Standards is available in Section 2 of RFC 5741.
89
90
91INTRODUCTION, paragraph 8:
92OLD:
93
94    This Internet-Draft will expire on November 10, 2014.
95
96NEW:
97
98    Information about the current status of this document, any errata,
99    and how to provide feedback on it may be obtained at
100    http://www.rfc-editor.org/info/rfc7230.
101
102
103Section 11., paragraph 0:
104OLD:
105
106    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
107      1.1.  Requirements Notation  . . . . . . . . . . . . . . . . . .  6
108      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
109    2.  Architecture . . . . . . . . . . . . . . . . . . . . . . . . .  6
110      2.1.  Client/Server Messaging  . . . . . . . . . . . . . . . . .  7
111      2.2.  Implementation Diversity . . . . . . . . . . . . . . . . .  8
112      2.3.  Intermediaries . . . . . . . . . . . . . . . . . . . . . .  9
113      2.4.  Caches . . . . . . . . . . . . . . . . . . . . . . . . . . 11
114      2.5.  Conformance and Error Handling . . . . . . . . . . . . . . 12
115      2.6.  Protocol Versioning  . . . . . . . . . . . . . . . . . . . 13
116      2.7.  Uniform Resource Identifiers . . . . . . . . . . . . . . . 16
117        2.7.1.  http URI Scheme  . . . . . . . . . . . . . . . . . . . 16
118        2.7.2.  https URI Scheme . . . . . . . . . . . . . . . . . . . 18
119        2.7.3.  http and https URI Normalization and Comparison  . . . 19
120 
121    3.  Message Format . . . . . . . . . . . . . . . . . . . . . . . . 19
122      3.1.  Start Line . . . . . . . . . . . . . . . . . . . . . . . . 20
123        3.1.1.  Request Line . . . . . . . . . . . . . . . . . . . . . 21
124        3.1.2.  Status Line  . . . . . . . . . . . . . . . . . . . . . 22
125      3.2.  Header Fields  . . . . . . . . . . . . . . . . . . . . . . 22
126        3.2.1.  Field Extensibility  . . . . . . . . . . . . . . . . . 23
127        3.2.2.  Field Order  . . . . . . . . . . . . . . . . . . . . . 23
128        3.2.3.  Whitespace . . . . . . . . . . . . . . . . . . . . . . 24
129        3.2.4.  Field Parsing  . . . . . . . . . . . . . . . . . . . . 24
130        3.2.5.  Field Limits . . . . . . . . . . . . . . . . . . . . . 26
131        3.2.6.  Field Value Components . . . . . . . . . . . . . . . . 26
132      3.3.  Message Body . . . . . . . . . . . . . . . . . . . . . . . 27
133        3.3.1.  Transfer-Encoding  . . . . . . . . . . . . . . . . . . 28
134        3.3.2.  Content-Length . . . . . . . . . . . . . . . . . . . . 29
135        3.3.3.  Message Body Length  . . . . . . . . . . . . . . . . . 31
136      3.4.  Handling Incomplete Messages . . . . . . . . . . . . . . . 33
137      3.5.  Message Parsing Robustness . . . . . . . . . . . . . . . . 34
138    4.  Transfer Codings . . . . . . . . . . . . . . . . . . . . . . . 34
139      4.1.  Chunked Transfer Coding  . . . . . . . . . . . . . . . . . 35
140        4.1.1.  Chunk Extensions . . . . . . . . . . . . . . . . . . . 36
141        4.1.2.  Chunked Trailer Part . . . . . . . . . . . . . . . . . 36
142        4.1.3.  Decoding Chunked . . . . . . . . . . . . . . . . . . . 37
143      4.2.  Compression Codings  . . . . . . . . . . . . . . . . . . . 37
144        4.2.1.  Compress Coding  . . . . . . . . . . . . . . . . . . . 38
145        4.2.2.  Deflate Coding . . . . . . . . . . . . . . . . . . . . 38
146        4.2.3.  Gzip Coding  . . . . . . . . . . . . . . . . . . . . . 38
147      4.3.  TE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
148      4.4.  Trailer  . . . . . . . . . . . . . . . . . . . . . . . . . 39
149    5.  Message Routing  . . . . . . . . . . . . . . . . . . . . . . . 39
150      5.1.  Identifying a Target Resource  . . . . . . . . . . . . . . 40
151      5.2.  Connecting Inbound . . . . . . . . . . . . . . . . . . . . 40
152      5.3.  Request Target . . . . . . . . . . . . . . . . . . . . . . 41
153        5.3.1.  origin-form  . . . . . . . . . . . . . . . . . . . . . 41
154        5.3.2.  absolute-form  . . . . . . . . . . . . . . . . . . . . 41
155        5.3.3.  authority-form . . . . . . . . . . . . . . . . . . . . 42
156        5.3.4.  asterisk-form  . . . . . . . . . . . . . . . . . . . . 42
157      5.4.  Host . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
158      5.5.  Effective Request URI  . . . . . . . . . . . . . . . . . . 44
159      5.6.  Associating a Response to a Request  . . . . . . . . . . . 46
160      5.7.  Message Forwarding . . . . . . . . . . . . . . . . . . . . 46
161        5.7.1.  Via  . . . . . . . . . . . . . . . . . . . . . . . . . 46
162        5.7.2.  Transformations  . . . . . . . . . . . . . . . . . . . 48
163    6.  Connection Management  . . . . . . . . . . . . . . . . . . . . 49
164      6.1.  Connection . . . . . . . . . . . . . . . . . . . . . . . . 50
165      6.2.  Establishment  . . . . . . . . . . . . . . . . . . . . . . 51
166      6.3.  Persistence  . . . . . . . . . . . . . . . . . . . . . . . 51
167        6.3.1.  Retrying Requests  . . . . . . . . . . . . . . . . . . 52
168        6.3.2.  Pipelining . . . . . . . . . . . . . . . . . . . . . . 53
169 
170      6.4.  Concurrency  . . . . . . . . . . . . . . . . . . . . . . . 54
171      6.5.  Failures and Timeouts  . . . . . . . . . . . . . . . . . . 54
172      6.6.  Tear-down  . . . . . . . . . . . . . . . . . . . . . . . . 55
173      6.7.  Upgrade  . . . . . . . . . . . . . . . . . . . . . . . . . 56
174    7.  ABNF List Extension: #rule . . . . . . . . . . . . . . . . . . 58
175    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 59
176      8.1.  Header Field Registration  . . . . . . . . . . . . . . . . 59
177      8.2.  URI Scheme Registration  . . . . . . . . . . . . . . . . . 60
178      8.3.  Internet Media Type Registration . . . . . . . . . . . . . 60
179        8.3.1.  Internet Media Type message/http . . . . . . . . . . . 61
180        8.3.2.  Internet Media Type application/http . . . . . . . . . 62
181      8.4.  Transfer Coding Registry . . . . . . . . . . . . . . . . . 63
182        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 63
183        8.4.2.  Registration . . . . . . . . . . . . . . . . . . . . . 64
184      8.5.  Content Coding Registration  . . . . . . . . . . . . . . . 64
185      8.6.  Upgrade Token Registry . . . . . . . . . . . . . . . . . . 64
186        8.6.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 65
187        8.6.2.  Upgrade Token Registration . . . . . . . . . . . . . . 65
188    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 66
189      9.1.  Establishing Authority . . . . . . . . . . . . . . . . . . 66
190      9.2.  Risks of Intermediaries  . . . . . . . . . . . . . . . . . 67
191      9.3.  Attacks via Protocol Element Length  . . . . . . . . . . . 67
192      9.4.  Response Splitting . . . . . . . . . . . . . . . . . . . . 68
193      9.5.  Request Smuggling  . . . . . . . . . . . . . . . . . . . . 69
194      9.6.  Message Integrity  . . . . . . . . . . . . . . . . . . . . 69
195      9.7.  Message Confidentiality  . . . . . . . . . . . . . . . . . 69
196      9.8.  Privacy of Server Log Information  . . . . . . . . . . . . 70
197    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 70
198    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72
199      11.1. Normative References . . . . . . . . . . . . . . . . . . . 72
200      11.2. Informative References . . . . . . . . . . . . . . . . . . 73
201    Appendix A.  HTTP Version History  . . . . . . . . . . . . . . . . 75
202      A.1.  Changes from HTTP/1.0  . . . . . . . . . . . . . . . . . . 76
203        A.1.1.  Multi-homed Web Servers  . . . . . . . . . . . . . . . 76
204        A.1.2.  Keep-Alive Connections . . . . . . . . . . . . . . . . 77
205        A.1.3.  Introduction of Transfer-Encoding  . . . . . . . . . . 77
206      A.2.  Changes from RFC 2616  . . . . . . . . . . . . . . . . . . 77
207    Appendix B.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 80
208    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
209
210NEW:
211
212    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
213      1.1.  Requirements Notation  . . . . . . . . . . . . . . . . . .  6
214      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
215    2.  Architecture . . . . . . . . . . . . . . . . . . . . . . . . .  6
216      2.1.  Client/Server Messaging  . . . . . . . . . . . . . . . . .  7
217      2.2.  Implementation Diversity . . . . . . . . . . . . . . . . .  8
218      2.3.  Intermediaries . . . . . . . . . . . . . . . . . . . . . .  9
219      2.4.  Caches . . . . . . . . . . . . . . . . . . . . . . . . . . 11
220      2.5.  Conformance and Error Handling . . . . . . . . . . . . . . 12
221      2.6.  Protocol Versioning  . . . . . . . . . . . . . . . . . . . 13
222      2.7.  Uniform Resource Identifiers . . . . . . . . . . . . . . . 16
223        2.7.1.  http URI Scheme  . . . . . . . . . . . . . . . . . . . 16
224        2.7.2.  https URI Scheme . . . . . . . . . . . . . . . . . . . 18
225        2.7.3.  http and https URI Normalization and Comparison  . . . 19
226    3.  Message Format . . . . . . . . . . . . . . . . . . . . . . . . 19
227      3.1.  Start Line . . . . . . . . . . . . . . . . . . . . . . . . 20
228        3.1.1.  Request Line . . . . . . . . . . . . . . . . . . . . . 21
229        3.1.2.  Status Line  . . . . . . . . . . . . . . . . . . . . . 22
230      3.2.  Header Fields  . . . . . . . . . . . . . . . . . . . . . . 22
231        3.2.1.  Field Extensibility  . . . . . . . . . . . . . . . . . 23
232        3.2.2.  Field Order  . . . . . . . . . . . . . . . . . . . . . 23
233        3.2.3.  Whitespace . . . . . . . . . . . . . . . . . . . . . . 24
234        3.2.4.  Field Parsing  . . . . . . . . . . . . . . . . . . . . 24
235        3.2.5.  Field Limits . . . . . . . . . . . . . . . . . . . . . 26
236        3.2.6.  Field Value Components . . . . . . . . . . . . . . . . 26
237      3.3.  Message Body . . . . . . . . . . . . . . . . . . . . . . . 27
238        3.3.1.  Transfer-Encoding  . . . . . . . . . . . . . . . . . . 28
239        3.3.2.  Content-Length . . . . . . . . . . . . . . . . . . . . 29
240        3.3.3.  Message Body Length  . . . . . . . . . . . . . . . . . 31
241      3.4.  Handling Incomplete Messages . . . . . . . . . . . . . . . 33
242      3.5.  Message Parsing Robustness . . . . . . . . . . . . . . . . 34
243    4.  Transfer Codings . . . . . . . . . . . . . . . . . . . . . . . 34
244      4.1.  Chunked Transfer Coding  . . . . . . . . . . . . . . . . . 35
245        4.1.1.  Chunk Extensions . . . . . . . . . . . . . . . . . . . 36
246        4.1.2.  Chunked Trailer Part . . . . . . . . . . . . . . . . . 36
247        4.1.3.  Decoding Chunked . . . . . . . . . . . . . . . . . . . 37
248      4.2.  Compression Codings  . . . . . . . . . . . . . . . . . . . 37
249        4.2.1.  Compress Coding  . . . . . . . . . . . . . . . . . . . 38
250        4.2.2.  Deflate Coding . . . . . . . . . . . . . . . . . . . . 38
251        4.2.3.  Gzip Coding  . . . . . . . . . . . . . . . . . . . . . 38
252      4.3.  TE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
253      4.4.  Trailer  . . . . . . . . . . . . . . . . . . . . . . . . . 39
254    5.  Message Routing  . . . . . . . . . . . . . . . . . . . . . . . 39
255      5.1.  Identifying a Target Resource  . . . . . . . . . . . . . . 40
256      5.2.  Connecting Inbound . . . . . . . . . . . . . . . . . . . . 40
257      5.3.  Request Target . . . . . . . . . . . . . . . . . . . . . . 41
258        5.3.1.  origin-form  . . . . . . . . . . . . . . . . . . . . . 41
259        5.3.2.  absolute-form  . . . . . . . . . . . . . . . . . . . . 41
260        5.3.3.  authority-form . . . . . . . . . . . . . . . . . . . . 42
261        5.3.4.  asterisk-form  . . . . . . . . . . . . . . . . . . . . 42
262      5.4.  Host . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
263      5.5.  Effective Request URI  . . . . . . . . . . . . . . . . . . 44
264      5.6.  Associating a Response to a Request  . . . . . . . . . . . 46
265      5.7.  Message Forwarding . . . . . . . . . . . . . . . . . . . . 46
266        5.7.1.  Via  . . . . . . . . . . . . . . . . . . . . . . . . . 46
267        5.7.2.  Transformations  . . . . . . . . . . . . . . . . . . . 48
268    6.  Connection Management  . . . . . . . . . . . . . . . . . . . . 49
269      6.1.  Connection . . . . . . . . . . . . . . . . . . . . . . . . 50
270      6.2.  Establishment  . . . . . . . . . . . . . . . . . . . . . . 51
271      6.3.  Persistence  . . . . . . . . . . . . . . . . . . . . . . . 51
272        6.3.1.  Retrying Requests  . . . . . . . . . . . . . . . . . . 52
273        6.3.2.  Pipelining . . . . . . . . . . . . . . . . . . . . . . 53
274      6.4.  Concurrency  . . . . . . . . . . . . . . . . . . . . . . . 54
275      6.5.  Failures and Timeouts  . . . . . . . . . . . . . . . . . . 54
276      6.6.  Tear-down  . . . . . . . . . . . . . . . . . . . . . . . . 55
277      6.7.  Upgrade  . . . . . . . . . . . . . . . . . . . . . . . . . 56
278    7.  ABNF List Extension: #rule . . . . . . . . . . . . . . . . . . 58
279    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 59
280      8.1.  Header Field Registration  . . . . . . . . . . . . . . . . 59
281      8.2.  URI Scheme Registration  . . . . . . . . . . . . . . . . . 60
282      8.3.  Internet Media Type Registration . . . . . . . . . . . . . 60
283        8.3.1.  Internet Media Type message/http . . . . . . . . . . . 61
284        8.3.2.  Internet Media Type application/http . . . . . . . . . 62
285      8.4.  Transfer Coding Registry . . . . . . . . . . . . . . . . . 63
286        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 63
287        8.4.2.  Registration . . . . . . . . . . . . . . . . . . . . . 64
288      8.5.  Content Coding Registration  . . . . . . . . . . . . . . . 64
289      8.6.  Upgrade Token Registry . . . . . . . . . . . . . . . . . . 64
290        8.6.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 65
291        8.6.2.  Upgrade Token Registration . . . . . . . . . . . . . . 65
292    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 66
293      9.1.  Establishing Authority . . . . . . . . . . . . . . . . . . 66
294      9.2.  Risks of Intermediaries  . . . . . . . . . . . . . . . . . 67
295      9.3.  Attacks via Protocol Element Length  . . . . . . . . . . . 67
296      9.4.  Response Splitting . . . . . . . . . . . . . . . . . . . . 68
297      9.5.  Request Smuggling  . . . . . . . . . . . . . . . . . . . . 69
298      9.6.  Message Integrity  . . . . . . . . . . . . . . . . . . . . 69
299      9.7.  Message Confidentiality  . . . . . . . . . . . . . . . . . 69
300      9.8.  Privacy of Server Log Information  . . . . . . . . . . . . 70
301    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 70
302    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72
303      11.1. Normative References . . . . . . . . . . . . . . . . . . . 72
304      11.2. Informative References . . . . . . . . . . . . . . . . . . 73
305    Appendix A.  HTTP Version History  . . . . . . . . . . . . . . . . 75
306      A.1.  Changes from HTTP/1.0  . . . . . . . . . . . . . . . . . . 76
307        A.1.1.  Multihomed Web Servers . . . . . . . . . . . . . . . . 76
308        A.1.2.  Keep-Alive Connections . . . . . . . . . . . . . . . . 76
309        A.1.3.  Introduction of Transfer-Encoding  . . . . . . . . . . 77
310      A.2.  Changes from RFC 2616  . . . . . . . . . . . . . . . . . . 77
311    Appendix B.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 79
312    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
313
314
315Section 3.2.4., paragraph 8:
316OLD:
317
318    Historically, HTTP has allowed field content with text in the
319    ISO-8859-1 charset [ISO-8859-1], supporting other charsets only
320    through use of [RFC2047] encoding.  In practice, most HTTP header
321    field values use only a subset of the US-ASCII charset [USASCII].
322    Newly defined header fields SHOULD limit their field values to
323    US-ASCII octets.  A recipient SHOULD treat other octets in field
324    content (obs-text) as opaque data.
325
326NEW:
327
328    Historically, HTTP has allowed field content with text in the
329    ISO-8859-charset [ISO-8859-1], supporting other charsets only through
330    use of [RFC2047] encoding.  In practice, most HTTP header field
331    values use only a subset of the US-ASCII charset [USASCII].  Newly
332    defined header fields SHOULD limit their field values to US-ASCII
333    octets.  A recipient SHOULD treat other octets in field content
334    (obs-text) as opaque data.
335
336
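Review bot: the NEW text reads "ISO-8859-charset [ISO-8859-1]" where the OLD text had "ISO-8859-1 charset [ISO-8859-1]"; the "1" and the space after it have been dropped, so the charset name no longer matches its own citation. Restore "ISO-8859-1 charset". The rest of the paragraph differs only in line wrapping.
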
337Section 3.3., paragraph 4:
338OLD:
339
340    The presence of a message body in a request is signaled by a Content-
341    Length or Transfer-Encoding header field.  Request message framing is
342    independent of method semantics, even if the method does not define
343    any use for a message body.
344
345NEW:
346
347    The presence of a message body in a request is signaled by a
348    "Content-Length" or Transfer-Encoding header field.  Request message
349    framing is independent of method semantics, even if the method does
350    not define any use for a message body.
351
352
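Review bot: in the first sentence of the NEW text, "Content-Length" is now quoted while Transfer-Encoding in the same sentence is not, and later hunks in this file go the other way and remove quotes from field names (Connection in Sections 6.1 and 8.1, Content-Length in the hunk labelled Section 19.7.1, paragraph 16). If the quotes are only there to keep the name from breaking across lines as "Content-" / "Length", solve that in the formatting and write the field name unquoted, as the other hunks do.
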
353Section 5.7.2., paragraph 6:
354OLD:
355
356    A proxy MUST NOT transform the payload (Section 3.3 of [RFC7231]) of
357    a message that contains a no-transform cache-control directive
358    (Section 5.2 of [RFC7234]).
359
360NEW:
361
362    A proxy MUST NOT transform the payload (Section 3.3 of [RFC7231]) of
363    a message that contains a no-transform Cache-Control directive
364    (Section 5.2 of [RFC7234]).
365
366
367Section 200, paragraph 0:
368OLD:
369
370    A proxy MAY transform the payload of a message that does not contain
371    a no-transform cache-control directive.  A proxy that transforms a
372    payload MUST add a Warning header field with the warn-code of 214
373    ("Transformation Applied") if one is not already in the message (see
374    Section 5.5 of [RFC7234]).  A proxy that transforms the payload of a
375    200 (OK) response can further inform downstream recipients that a
376    transformation has been applied by changing the response status code
377    to 203 (Non-Authoritative Information) (Section 6.3.4 of [RFC7231]).
378
379NEW:
380
381    A proxy MAY transform the payload of a message that does not contain
382    a no-transform Cache-Control directive.  A proxy that transforms a
383    payload MUST add a Warning header field with the warn-code of 214
384    ("Transformation Applied") if one is not already in the message (see
385    Section 5.5 of [RFC7234]).  A proxy that transforms the payload of a
386    200 (OK) response can further inform downstream recipients that a
387    transformation has been applied by changing the response status code
388    to 203 (Non-Authoritative Information) (Section 6.3.4 of [RFC7231]).
389
390
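Review bot: the locator "Section 200, paragraph 0" does not name a section of this document; it appears to have been taken from the line that begins "200 (OK) response", and the paragraph follows on from the Section 5.7.2 hunk directly above it. The change itself, "cache-control" to "Cache-Control", matches that hunk, so the directive name is capitalised the same way in both paragraphs.
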
391Section 6.1., paragraph 2:
392OLD:
393
394    When a header field aside from Connection is used to supply control
395    information for or about the current connection, the sender MUST list
396    the corresponding field-name within the "Connection" header field.  A
397    proxy or gateway MUST parse a received Connection header field before
398    a message is forwarded and, for each connection-option in this field,
399    remove any header field(s) from the message with the same name as the
400    connection-option, and then remove the Connection header field itself
401    (or replace it with the intermediary's own connection options for the
402    forwarded message).
403
404NEW:
405
406    When a header field aside from Connection is used to supply control
407    information for or about the current connection, the sender MUST list
408    the corresponding field-name within the Connection header field.  A
409    proxy or gateway MUST parse a received Connection header field before
410    a message is forwarded and, for each connection-option in this field,
411    remove any header field(s) from the message with the same name as the
412    connection-option, and then remove the Connection header field itself
413    (or replace it with the intermediary's own connection options for the
414    forwarded message).
415
416
417Section 8.1., paragraph 4:
418OLD:
419
420    Furthermore, the header field-name "Close" has been registered as
421    "reserved", since using that name as an HTTP header field might
422    conflict with the "close" connection option of the "Connection"
423    header field (Section 6.1).
424
425NEW:
426
427    Furthermore, the header field-name "Close" has been registered as
428    "reserved", since using that name as an HTTP header field might
429    conflict with the "close" connection option of the Connection header
430    field (Section 6.1).
431
432
433Section 9.2., paragraph 1:
434OLD:
435
436    By their very nature, HTTP intermediaries are men-in-the-middle, and
437    thus represent an opportunity for man-in-the-middle attacks.
438    Compromise of the systems on which the intermediaries run can result
439    in serious security and privacy problems.  Intermediaries might have
440    access to security-related information, personal information about
441    individual users and organizations, and proprietary information
442    belonging to users and content providers.  A compromised
443    intermediary, or an intermediary implemented or configured without
444    regard to security and privacy considerations, might be used in the
445    commission of a wide range of potential attacks.
446
447NEW:
448
449    By their very nature, HTTP intermediaries are men in the middle and,
450    thus, represent an opportunity for man-in-the-middle attacks.
451    Compromise of the systems on which the intermediaries run can result
452    in serious security and privacy problems.  Intermediaries might have
453    access to security-related information, personal information about
454    individual users and organizations, and proprietary information
455    belonging to users and content providers.  A compromised
456    intermediary, or an intermediary implemented or configured without
457    regard to security and privacy considerations, might be used in the
458    commission of a wide range of potential attacks.
459
460
461Section 11.1., paragraph 8:
462OLD:
463
464    [RFC7231]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
465                  Transfer Protocol (HTTP/1.1): Semantics and Content",
466                  draft-ietf-httpbis-p2-semantics-latest (work in
467                  progress), May 2014.
468
469NEW:
470
471    [RFC7231]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
472                  Transfer Protocol (HTTP/1.1): Semantics and Content",
473                  RFC 7231, May 2014.
474
475
476Section 11.1., paragraph 9:
477OLD:
478
479    [RFC7232]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
480                  Transfer Protocol (HTTP/1.1): Conditional Requests",
481                  draft-ietf-httpbis-p4-conditional-latest (work in
482                  progress), May 2014.
483
484NEW:
485
486    [RFC7232]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
487                  Transfer Protocol (HTTP/1.1): Conditional Requests",
488                  RFC 7232, May 2014.
489
490
491Section 11.1., paragraph 10:
492OLD:
493
494    [RFC7233]     Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
495                  "Hypertext Transfer Protocol (HTTP/1.1): Range
496                  Requests", draft-ietf-httpbis-p5-range-latest (work in
497                  progress), May 2014.
498
499NEW:
500
501    [RFC7233]     Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
502                  "Hypertext Transfer Protocol (HTTP/1.1): Range
503                  Requests", RFC 7233, May 2014.
504
505
506Section 11.1., paragraph 11:
507OLD:
508
509    [RFC7234]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
510                  Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
511                  draft-ietf-httpbis-p6-cache-latest (work in progress),
512                  May 2014.
513
514NEW:
515
516    [RFC7234]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
517                  Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
518                  RFC 7234, May 2014.
519
520
521Section 11.1., paragraph 12:
522OLD:
523
524    [RFC7235]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
525                  Transfer Protocol (HTTP/1.1): Authentication",
526                  draft-ietf-httpbis-p7-auth-latest (work in progress),
527                  May 2014.
528
529NEW:
530
531    [RFC7235]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
532                  Transfer Protocol (HTTP/1.1): Authentication",
533                  RFC 7235, May 2014.
534
535
536Appendix A., paragraph 7:
537OLD:
538
539 A.1.1.  Multi-homed Web Servers
540
541NEW:
542
543 A.1.1.  Multihomed Web Servers
544
545
546Section 19.7.1, paragraph 9:
547OLD:
548
549    The HTTP-version ABNF production has been clarified to be case-
550    sensitive.  Additionally, version numbers have been restricted to
551    single digits, due to the fact that implementations are known to
552    handle multi-digit version numbers incorrectly.  (Section 2.6)
553    Userinfo (i.e., username and password) are now disallowed in HTTP and
554    HTTPS URIs, because of security issues related to their transmission
555    on the wire.  (Section 2.7.1)
556
557NEW:
558
559    The HTTP-version ABNF production has been clarified to be case-
560    sensitive.  Additionally, version numbers have been restricted to
561    single digits, due to the fact that implementations are known to
562    handle multi-digit version numbers incorrectly.  (Section 2.6)
563 
564    Userinfo (i.e., username and password) are now disallowed in HTTP and
565    HTTPS URIs, because of security issues related to their transmission
566    on the wire.  (Section 2.7.1)
567
568
569Section 19.7.1, paragraph 16:
570OLD:
571
572    Bogus "Content-Length" header fields are now required to be handled
573    as errors by recipients.  (Section 3.3.2)
574
575NEW:
576
577    Bogus Content-Length header fields are now required to be handled as
578    errors by recipients.  (Section 3.3.2)
579
580
581Section 19.7.1, paragraph 20:
582OLD:
583
584    The meaning of the "deflate" content coding has been clarified.
585    (Section 4.2.2)
586 
587    The segment + query components of RFC 3986 have been used to define
588    the request-target, instead of abs_path from RFC 1808.  The asterisk-
589    form of the request-target is only allowed with the OPTIONS method.
590    (Section 5.3)
591
592NEW:
593
594    The meaning of the "deflate" content coding has been clarified.
595    (Section 4.2.2)
596    The segment + query components of RFC 3986 have been used to define
597    the request-target, instead of abs_path from RFC 1808.  The asterisk-
598    form of the request-target is only allowed with the OPTIONS method.
599    (Section 5.3)
600
601
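Review bot: the NEW side drops the separator line between "(Section 4.2.2)" and "The segment + query components", so two separate change-list items now read as one paragraph; the hunk labelled Section 19.7.1, paragraph 9 goes the other way and adds a separator before "Userinfo". The wording is unchanged in both, so confirm this is a pagination difference between the two renderings and not a lost paragraph break in the published text.
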
602Appendix B., paragraph 2:
603OLD:
604
605    Connection = *( "," OWS ) connection-option *( OWS "," [ OWS
606     connection-option ] )
607    Content-Length = 1*DIGIT
608
609NEW:
610
611    Connection = *( "," OWS ) connection-option *( OWS "," [ OWS
612     connection-option ] )
613 
614    Content-Length = 1*DIGIT
615
616
617Appendix B., paragraph 19:
618OLD:
619
620    scheme = <scheme, defined in [RFC3986], Section 3.1>
621    segment = <segment, defined in [RFC3986], Section 3.3>
622    start-line = request-line / status-line
623    status-code = 3DIGIT
624    status-line = HTTP-version SP status-code SP reason-phrase CRLF
625 
626    t-codings = "trailers" / ( transfer-coding [ t-ranking ] )
627    t-ranking = OWS ";" OWS "q=" rank
628    tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
629     "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
630    token = 1*tchar
631    trailer-part = *( header-field CRLF )
632    transfer-coding = "chunked" / "compress" / "deflate" / "gzip" /
633     transfer-extension
634    transfer-extension = token *( OWS ";" OWS transfer-parameter )
635    transfer-parameter = token BWS "=" BWS ( token / quoted-string )
636
637NEW:
638
639    scheme = <scheme, defined in [RFC3986], Section 3.1>
640    segment = <segment, defined in [RFC3986], Section 3.3>
641    start-line = request-line / status-line
642    status-code = 3DIGIT
643    status-line = HTTP-version SP status-code SP reason-phrase CRLF
644    t-codings = "trailers" / ( transfer-coding [ t-ranking ] )
645    t-ranking = OWS ";" OWS "q=" rank
646    tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
647     "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
648    token = 1*tchar
649    trailer-part = *( header-field CRLF )
650    transfer-coding = "chunked" / "compress" / "deflate" / "gzip" /
651     transfer-extension
652    transfer-extension = token *( OWS ";" OWS transfer-parameter )
653    transfer-parameter = token BWS "=" BWS ( token / quoted-string )
654
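Review bot: Blank-line handling in the collected ABNF is inconsistent between the two Appendix B hunks. Paragraph 2 adds a separator between the Connection and Content-Length rules, while here the separator between status-line and t-codings is removed. The rule text itself is unchanged in both, so this does not affect the grammar, but confirm whether the separators are intentional grouping or page-break artifacts and apply one convention across the whole listing.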
655
656Appendix B., paragraph 27:
657OLD:
658
659    G
660       gateway  10
661       Grammar
662          absolute-form  41
663          absolute-path  16
664          absolute-URI  16
665          ALPHA  6
666          asterisk-form  41-42
667          authority  16
668          authority-form  41-42
669          BWS  24
670          chunk  35
671          chunk-data  35
672          chunk-ext  35-36
673          chunk-ext-name  36
674          chunk-ext-val  36
675          chunk-size  35
676          chunked-body  35-36
677          comment  27
678          Connection  50
679          connection-option  50
680          Content-Length  29
681          CR  6
682          CRLF  6
683          ctext  27
684          CTL  6
685          DIGIT  6
686          DQUOTE  6
687          field-content  22
688          field-name  22, 39
689          field-value  22
690          field-vchar  22
691          fragment  16
692          header-field  22, 36
693          HEXDIG  6
694          Host  43
695          HTAB  6
696          HTTP-message  19
697          HTTP-name  13
698          http-URI  16
699          HTTP-version  13
700          https-URI  18
701          last-chunk  35
702          LF  6
703          message-body  27
704          method  21
705          obs-fold  22
706          obs-text  27
707          OCTET  6
708          origin-form  41
709          OWS  24
710          partial-URI  16
711          port  16
712          protocol-name  47
713          protocol-version  47
714          pseudonym  47
715          qdtext  27
716          query  16
717          quoted-pair  27
718          quoted-string  27
719          rank  38
720          reason-phrase  22
721          received-by  47
722          received-protocol  47
723          request-line  21
724          request-target  41
725          RWS  24
726          scheme  16
727          segment  16
728          SP  6
729          start-line  20
730          status-code  22
731          status-line  22
732          t-codings  38
733          t-ranking  38
734          tchar  26
735          TE  38
736          token  26
737          Trailer  39
738          trailer-part  35-36
739          transfer-coding  35
740          Transfer-Encoding  28
741          transfer-extension  35
742          transfer-parameter  35
743          Upgrade  56
744          uri-host  16
745          URI-reference  16
746          VCHAR  6
747          Via  47
748 
749       gzip (Coding Format)  38
750
751NEW:
752
753    G
754       gateway  10
755       Grammar
756          absolute-form  41
757          absolute-path  16
758          absolute-URI  16
759          ALPHA  6
760          asterisk-form  41-42
761          authority  16
762          authority-form  41-42
763          BWS  24
764          chunk  35
765          chunk-data  35
766          chunk-ext  35-36
767          chunk-ext-name  36
768          chunk-ext-val  36
769          chunk-size  35
770          chunked-body  35-36
771          comment  27
772          Connection  50
773          connection-option  50
774          Content-Length  29
775          CR  6
776          CRLF  6
777          ctext  27
778          CTL  6
779          DIGIT  6
780          DQUOTE  6
781          field-content  22
782          field-name  22, 39
783          field-value  22
784          field-vchar  22
785          fragment  16
786          header-field  22, 36
787          HEXDIG  6
788          Host  43
789          HTAB  6
790          HTTP-message  19
791          HTTP-name  13
792          http-URI  16
793          HTTP-version  13
794          https-URI  18
795          last-chunk  35
796          LF  6
797          message-body  27
798          method  21
799          obs-fold  22
800          obs-text  27
801          OCTET  6
802          origin-form  41
803          OWS  24
804          partial-URI  16
805          port  16
806          protocol-name  47
807          protocol-version  47
808          pseudonym  47
809          qdtext  27
810          query  16
811          quoted-pair  27
812          quoted-string  27
813          rank  38
814          reason-phrase  22
815          received-by  47
816          received-protocol  47
817          request-line  21
818          request-target  41
819          RWS  24
820          scheme  16
821          segment  16
822          SP  6
823          start-line  20
824          status-code  22
825          status-line  22
826          t-codings  38
827          t-ranking  38
828          tchar  26
829          TE  38
830          token  26
831          Trailer  39
832          trailer-part  35-36
833          transfer-coding  35
834          Transfer-Encoding  28
835          transfer-extension  35
836          transfer-parameter  35
837          Upgrade  56
838          uri-host  16
839          URI-reference  16
840          VCHAR  6
841          Via  47
842       gzip (Coding Format)  38
843