Changeset 1157 for draft-ietf-httpbis
- Timestamp: 10/03/11 00:25:45 (10 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 2 edited
draft-ietf-httpbis/latest/p1-messaging.html
r1156 r1157 1134 1134 — it is only the authoritative interface used for mapping the namespace that is specific to TCP. 1135 1135 </p> 1136 <p id="rfc.section.2.6.1.p.7">The URI generic syntax for authority also includes a deprecated userinfo subcomponent (<a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.1">Section 3.2.1</a>) for including user authentication information in the URI. The userinfo subcomponent (and its "@" delimiter) <em class="bcp14">MUST NOT</em> be used in an "http" URI. URI reference recipients <em class="bcp14">SHOULD</em> parse for the existence of userinfo and treat its presence as an error, likely indicating that the deprecated subcomponent 1136 <p id="rfc.section.2.6.1.p.7">The URI generic syntax for authority also includes a deprecated userinfo subcomponent (<a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.1">Section 3.2.1</a>) for including user authentication information in the URI. Some implementations make use of the userinfo component for internal 1137 configuration of authentication information, such as within command invocation options, configuration files, or bookmark lists, 1138 even though such usage might expose a user identifier or password. Senders <em class="bcp14">MUST NOT</em> include a userinfo subcomponent (and its "@" delimiter) when transmitting an "http" URI in a message. Recipients of HTTP messages 1139 that contain a URI reference <em class="bcp14">SHOULD</em> parse for the existence of userinfo and treat its presence as an error, likely indicating that the deprecated subcomponent 1137 1140 is being used to obscure the authority for the sake of phishing attacks. 1138 1141 </p> -
draft-ietf-httpbis/latest/p1-messaging.xml
r1156 r1157 1057 1057 The URI generic syntax for authority also includes a deprecated 1058 1058 userinfo subcomponent (<xref target="RFC3986" x:fmt="," x:sec="3.2.1"/>) 1059 for including user authentication information in the URI. The userinfo 1060 subcomponent (and its "@" delimiter) &MUST-NOT; be used in an "http" 1061 URI. URI reference recipients &SHOULD; parse for the existence of 1062 userinfo and treat its presence as an error, likely indicating that 1063 the deprecated subcomponent is being used to obscure the authority 1064 for the sake of phishing attacks. 1059 for including user authentication information in the URI. Some 1060 implementations make use of the userinfo component for internal 1061 configuration of authentication information, such as within command 1062 invocation options, configuration files, or bookmark lists, even 1063 though such usage might expose a user identifier or password. 1064 Senders &MUST-NOT; include a userinfo subcomponent (and its "@" 1065 delimiter) when transmitting an "http" URI in a message. Recipients 1066 of HTTP messages that contain a URI reference &SHOULD; parse for the 1067 existence of userinfo and treat its presence as an error, likely 1068 indicating that the deprecated subcomponent is being used to obscure 1069 the authority for the sake of phishing attacks. 1065 1070 </t> 1066 1071 </section>
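Review bot: In the p1-messaging.xml hunk (mirrored in the generated p1-messaging.html), the sender requirement is scoped to an "http" URI, but the recipient sentence that follows says only "a URI reference", so it is unclear whether recipients are expected to flag userinfo in references of any scheme or only in "http" ones; if the latter is intended, say "an "http" URI reference". The same sentence leaves "treat its presence as an error" open: it would help to state where in the message the reference is expected to occur and what a recipient does once it detects userinfo. Since the new text acknowledges that implementations keep userinfo in command options, configuration files and bookmark lists, consider also stating explicitly that the userinfo has to be removed before such a stored URI is used to generate a message, rather than leaving that to be inferred from the sender MUST NOT.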