source: wg_materials/ietf77/ietf-77-http2231.xhtml @ 793

Last change on this file since 793 was 793, checked in by julian.reschke@…, 10 years ago

add draft meeting materials

  • Property svn:executable set to *
  • Property svn:mime-type set to application/xhtml+xml
File size: 4.0 KB
Line 
1<!DOCTYPE html
2  PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml">
4  <head>
5    <title>IETF 77 - HTTPbis vs RFC2231</title>
6    <style type="text/css">
7body {
8  color: black;
9  font-family: verdana, helvetica, arial, sans-serif;
10  font-size: 18pt;
11}
12h1 {
13  font-size: 36pt;
14}
15li {
16  margin-top: 0.5em;
17}
18q {
19  font-style: italic; 
20}
21.break {
22  page-break-before: always;
23}
24@page {
25  size: a4 landscape;
26}
27@page {
28  @bottom-left {
29       content: "Julian Reschke, greenbytes";
30  }
31  @bottom-right {
32       content: counter(page);
33  }
34  @top-center {
35       content: "IETF 77 - HTTPbis vs RFC2231";
36  }
37}
38    </style>
39  </head>
40  <body>
41    <h1>IETF 77 - HTTPbis vs RFC2231</h1>
42    <p>
43      <a href="mailto:julian.reschke@greenbytes.de">Julian Reschke</a>, greenbytes
44    </p>
45 
46    <h2 class="break">Problem Statement (1/2)</h2>
47    <ul>
48      <li>RFC2616 includes "Content-Disposition" (<a href="http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.19.5.1">RFC 2616, Section 19.5.1)</a>,
49      but also says:
50      <br />
51      <q>RFC 1806 [35], from which the often implemented Content-Disposition (see Appendix 19.5.1) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementers.</q>
52      (<a href="http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.15.5">RFC2616, Section 15.5</a>)
53      </li>
54      <li>
55        Refers to RFC 1806 (definition of Content-Disposition), obsoleted by RFC 2183.
56      </li>
57      <li>
58        I18N for Content-Disposition (filename) relies on on MIME specs RFC 2047, augmented RFC 2184,
59        which itself was obsoleted by RFC 2231 ('MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations').
60      </li>
61    </ul>
62
63    <h2 class="break">Problem Statement (2/2)</h2>
64    <ul>
65      <li>RFC 2183 did not state that it obsoleted RFC 1806, making it hard to find the
66      up-to-date spec (fixed in RFC Index in the meantime)</li>
67      <li>RFC 2231 specifies many features that are not needed in HTTP, but also
68      fails to REQUIRE common character sets for interoperability</li>
69      <li>Interoperability suffers from all of this, see test cases at
70      <a href="http://greenbytes.de/tech/tc2231/">http://greenbytes.de/tech/tc2231/</a> --
71      Firefox, Konqueror and Opera are fine, the other UAs do not support the I18N extensions
72      defined in RFC 2231.
73      </li>
74    </ul>
75
76    <h2 class="break">Proposal</h2>
77    <ul>
78      <li>Remove from HTTPbis (discussed during IETF-72 in Dublin)</li>
79      <li>
80        Profile RFC 2231 for use in HTTP (remove ambiguities, fix grammar,
81        remove unneeded features, require a common character set:
82        <a href="http://greenbytes.de/tech/webdav/draft-reschke-rfc2231-in-http-10.html">draft-reschke-rfc2231-in-http-10</a>).
83        <br/>
84        <small>(Note: does not normatively refer to RFC 2231 so it can evolve independently)</small>
85        <br/>
86        <em><b>In IETF Last Call - ending 2010-03-22 (yes, today!)</b></em>
87      </li>
88      <li>
89        Profile makes it easier for new HTTP header definitions to "opt in"
90        (HTTP Link Header / Web Linking specification, past IETF LC, does this)
91      </li>
92      <li>Get feedback from "other" UA vendors (I was told that profiling RFC 2231 made it more reasonable to implement)</li>
93      <li>Move actual definition of Content-Disposition as HTTP header into
94      a separate specification (work has started with
95      <a href="http://greenbytes.de/tech/webdav/draft-reschke-rfc2183-in-http-00.html">draft-reschke-rfc2183-in-http-00</a>)
96      </li>
97      <li>
98        Mention the profile in a yet to be written section about defining new
99        HTTP headers.
100      </li>
101    </ul>
102
103  </body>
104</html>
Note: See TracBrowser for help on using the repository browser.