Ignore:
Timestamp:
Oct 19, 2010, 2:32:23 AM (9 years ago)
Author:
julian.reschke@…
Message:

Source reformat, update Changes section (see #232 and [1032])

File:
1 edited

Legend:

Unmodified
Added
Removed

  • draft-ietf-httpbis/latest/p2-semantics.xml

    r1035 r1036  
    23442344  <x:anchor-alias value="User-Agent"/>
    23452345  <x:anchor-alias value="User-Agent-v"/>
    2346 
    2347   <t>The "User-Agent" request-header field contains information about the user
    2348   agent originating the request. User agents &SHOULD; include this field with
    2349   requests.</t>
    2350 
    2351   <t>Typically, it is used for statistical purposes, the tracing of protocol
    2352   violations, and tailoring responses to avoid particular user agent
    2353   limitations.</t>
    2354 
    2355   <t>The field can contain multiple product tokens (&product-tokens;)
    2356   and comments (&header-fields;) identifying the agent and its
    2357   significant subproducts. By convention, the product tokens are listed in
    2358   order of their significance for identifying the application.</t>
    2359 
    2360   <t>Because this field is usually sent on every request a user agent makes,
    2361   implementations are encouraged not to include needlessly fine-grained
    2362   detail, and to limit (or even prohibit) the addition of subproducts by third
    2363   parties. Overly long and detailed User-Agent field values make requests
    2364   larger and can also be used to identify ("fingerprint") the user against
    2365   their wishes.</t>
    2366 
    2367   <t>Likewise, implementations are encouraged not to use the product tokens of
    2368   other implementations in order to declare compatibility with them, as this
    2369   circumvents the purpose of the field. Finally, they are encouraged not to
    2370   use comments to identify products; doing so makes the field value more
    2371   difficult to parse.</t>
    2372 
     2346<t>
     2347   The "User-Agent" request-header field contains information about the user
     2348   agent originating the request. User agents &SHOULD; include this field with
     2349   requests.
     2350</t>
     2351<t>
     2352   Typically, it is used for statistical purposes, the tracing of protocol
     2353   violations, and tailoring responses to avoid particular user agent
     2354   limitations.
     2355</t>
     2356<t>
     2357   The field can contain multiple product tokens (&product-tokens;)
     2358   and comments (&header-fields;) identifying the agent and its
     2359   significant subproducts. By convention, the product tokens are listed in
     2360   order of their significance for identifying the application.
     2361</t>
     2362<t>
     2363   Because this field is usually sent on every request a user agent makes,
     2364   implementations are encouraged not to include needlessly fine-grained
     2365   detail, and to limit (or even prohibit) the addition of subproducts by third
     2366   parties. Overly long and detailed User-Agent field values make requests
     2367   larger and can also be used to identify ("fingerprint") the user against
     2368   their wishes.
     2369</t>
     2370<t>
     2371   Likewise, implementations are encouraged not to use the product tokens of
     2372   other implementations in order to declare compatibility with them, as this
     2373   circumvents the purpose of the field. Finally, they are encouraged not to
     2374   use comments to identify products; doing so makes the field value more
     2375   difficult to parse.
     2376</t>
    23732377<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="User-Agent"/><iref primary="true" item="Grammar" subitem="User-Agent-v"/>
    23742378  <x:ref>User-Agent</x:ref>     = "User-Agent" ":" <x:ref>OWS</x:ref> <x:ref>User-Agent-v</x:ref>
     
    27772781   Referer information.
    27782782</t>
    2779 
    2780   <t>The User-Agent (<xref target="header.user-agent"/>) or Server (<xref
    2781   target="header.server"/>) header fields can sometimes be used to determine
    2782   that a specific client or server have a particular security hole which might
    2783   be exploited. Unfortunately, this same information is often used for other
    2784   valuable purposes for which HTTP currently has no better mechanism.</t>
    2785 
    2786   <t>Furthermore, the User-Agent header field may contain enough entropy to be
    2787   used, possibly in conjunction with other material, to uniquely identify the
    2788   user.</t>
    2789 
     2783<t>
     2784   The User-Agent (<xref target="header.user-agent"/>) or Server (<xref
     2785   target="header.server"/>) header fields can sometimes be used to determine
     2786   that a specific client or server have a particular security hole which might
     2787   be exploited. Unfortunately, this same information is often used for other
     2788   valuable purposes for which HTTP currently has no better mechanism.
     2789</t>
     2790<t>
     2791   Furthermore, the User-Agent header field may contain enough entropy to be
     2792   used, possibly in conjunction with other material, to uniquely identify the
     2793   user.
     2794</t>
    27902795<t>
    27912796   Some methods, like TRACE (<xref target="TRACE"/>), expose information
     
    38733878<section title="Since draft-ietf-httpbis-p2-semantics-11" anchor="changes.since.11">
    38743879<t>
    3875   None yet.
     3880  Closed issues:
     3881  <list style="symbols">
     3882    <t>
     3883      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/232"/>:
     3884      "User-Agent guidelines" (relating to the 'User-Agent' header field)
     3885    </t>
     3886  </list>
    38763887</t>
    38773888</section>
Note: See TracChangeset for help on using the changeset viewer.