Changeset 1175 for draft-ietf-httpbis/latest

Timestamp:

Mar 13, 2011, 3:41:30 PM (9 years ago)

Author:

fielding@…

Message:

On second thought, gateways behave like user agents on the
inbound connection since they decide the inbound target resource.
The distinction is that HTTP-to-HTTP gateways must also implement
Connection and Via. Revises [1173] accordingly.

Improve definition of Connection header field to require that
the Conection field itself be removed (how did we forget that?)
and note the overlap between connection-token and field-name
namespaces. Addresses one half of #256 and #231.

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.html (modified) (23 diffs)
• p1-messaging.xml (modified) (11 diffs)

draft-ietf-httpbis/latest/p1-messaging.html

@@ -969 +969 @@
       </p>
       <p id="rfc.section.2.3.p.7"><span id="rfc.iref.g.24"></span><span id="rfc.iref.r.3"></span>  <span id="rfc.iref.a.1"></span> A "gateway" (a.k.a., "reverse proxy") is a receiving agent that acts as a layer above some other server(s) and translates
-         the received requests to the underlying server's protocol. Gateways are often used for load balancing, "accelerator" caching,
-         or partitioning HTTP services across multiple machines. Gateways behave as an origin server on the outbound connection and
-         as a proxy on the inbound connection. All HTTP requirements applicable to an origin server also apply to the outbound communication
-         of a gateway. A gateway communicates with inbound servers using any protocol it desires, including private extensions to HTTP
-         that are outside the scope of this specification. However, an HTTP-to-HTTP gateway that wishes to interoperate with third-party
-         HTTP servers <em class="bcp14">SHOULD</em> comply with HTTP proxy requirements on the gateway's inbound connection.
-      </p>
-      <p id="rfc.section.2.3.p.8"><span id="rfc.iref.t.2"></span> A "tunnel" acts as a blind relay between two connections without changing the messages. Once active, a tunnel is not considered
+         the received requests to the underlying server's protocol. Gateways are often used to encapsulate legacy or untrusted information
+         services, to improve server performance through "accelerator" caching, and to enable partitioning or load-balancing of HTTP
+         services across multiple machines.
+      </p>
+      <p id="rfc.section.2.3.p.8">A gateway behaves as an origin server on its outbound connection and as a user agent on its inbound connection. All HTTP requirements
+         applicable to an origin server also apply to the outbound communication of a gateway. A gateway communicates with inbound
+         servers using any protocol that it desires, including private extensions to HTTP that are outside the scope of this specification.
+         However, an HTTP-to-HTTP gateway that wishes to interoperate with third-party HTTP servers <em class="bcp14">MUST</em> comply with HTTP user agent requirements on the gateway's inbound connection and <em class="bcp14">MUST</em> implement the Connection (<a href="#header.connection" id="rfc.xref.header.connection.1" title="Connection">Section&nbsp;9.1</a>) and Via (<a href="#header.via" id="rfc.xref.header.via.1" title="Via">Section&nbsp;9.9</a>) header fields for both connections.
+      </p>
+      <p id="rfc.section.2.3.p.9"><span id="rfc.iref.t.2"></span> A "tunnel" acts as a blind relay between two connections without changing the messages. Once active, a tunnel is not considered
          a party to the HTTP communication, though the tunnel might have been initiated by an HTTP request. A tunnel ceases to exist
          when both ends of the relayed connection are closed. Tunnels are used to extend a virtual connection through an intermediary,
          such as when transport-layer security is used to establish private communication through a shared firewall proxy.
       </p>
-      <p id="rfc.section.2.3.p.9"><span id="rfc.iref.i.3"></span><span id="rfc.iref.t.3"></span>  <span id="rfc.iref.c.3"></span> In addition, there may exist network intermediaries that are not considered part of the HTTP communication but nevertheless
+      <p id="rfc.section.2.3.p.10"><span id="rfc.iref.i.3"></span><span id="rfc.iref.t.3"></span>  <span id="rfc.iref.c.3"></span> In addition, there may exist network intermediaries that are not considered part of the HTTP communication but nevertheless
          act as filters or redirecting agents (usually violating HTTP semantics, causing security problems, and otherwise making a
          mess of things). Such a network intermediary, often referred to as an "interception proxy" <a href="#RFC3040" id="rfc.xref.RFC3040.1"><cite title="Internet Web Replication and Caching Taxonomy">[RFC3040]</cite></a>, "transparent proxy" <a href="#RFC1919" id="rfc.xref.RFC1919.1"><cite title="Classical versus Transparent IP Proxies">[RFC1919]</cite></a>, or "captive portal", differs from an HTTP proxy because it has not been selected by the client. Instead, the network intermediary
@@ -1042 +1044 @@
       <p id="rfc.section.2.5.p.8">New header fields can be defined such that, when they are understood by a recipient, they might override or enhance the interpretation
          of previously defined header fields. When an implementation receives an unrecognized header field, the recipient <em class="bcp14">MUST</em> ignore that header field for local processing regardless of the message's HTTP version. An unrecognized header field received
-         by a proxy <em class="bcp14">MUST</em> be forwarded downstream unless the header field's field-name is listed in the message's Connection header-field (see <a href="#header.connection" id="rfc.xref.header.connection.1" title="Connection">Section&nbsp;9.1</a>). These requirements allow HTTP's functionality to be enhanced without requiring prior update of all compliant intermediaries.
+         by a proxy <em class="bcp14">MUST</em> be forwarded downstream unless the header field's field-name is listed in the message's Connection header-field (see <a href="#header.connection" id="rfc.xref.header.connection.2" title="Connection">Section&nbsp;9.1</a>). These requirements allow HTTP's functionality to be enhanced without requiring prior update of all compliant intermediaries.
       </p>
       <p id="rfc.section.2.5.p.9">Intermediaries that process HTTP messages (i.e., all intermediaries other than those acting as a tunnel) <em class="bcp14">MUST</em> send their own HTTP-Version in forwarded messages. In other words, they <em class="bcp14">MUST NOT</em> blindly forward the first line of an HTTP message without ensuring that the protocol version matches what the intermediary
@@ -1366 +1368 @@
                <tr>
                   <td class="left">Connection</td>
-                  <td class="left"><a href="#header.connection" id="rfc.xref.header.connection.2" title="Connection">Section&nbsp;9.1</a></td>
+                  <td class="left"><a href="#header.connection" id="rfc.xref.header.connection.3" title="Connection">Section&nbsp;9.1</a></td>
                </tr>
                <tr>
@@ -1386 +1388 @@
                <tr>
                   <td class="left">Via</td>
-                  <td class="left"><a href="#header.via" id="rfc.xref.header.via.1" title="Via">Section&nbsp;9.9</a></td>
+                  <td class="left"><a href="#header.via" id="rfc.xref.header.via.2" title="Via">Section&nbsp;9.9</a></td>
                </tr>
             </tbody>
@@ -1847 +1849 @@
       </p>
       <p id="rfc.section.7.1.2.p.2">Persistent connections provide a mechanism by which a client and a server can signal the close of a TCP connection. This signaling
-         takes place using the Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.3" title="Connection">Section&nbsp;9.1</a>). Once a close has been signaled, the client <em class="bcp14">MUST NOT</em> send any more requests on that connection.
+         takes place using the Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.4" title="Connection">Section&nbsp;9.1</a>). Once a close has been signaled, the client <em class="bcp14">MUST NOT</em> send any more requests on that connection.
       </p>
       <h4 id="rfc.section.7.1.2.1"><a href="#rfc.section.7.1.2.1">7.1.2.1</a>&nbsp;<a id="persistent.negotiation" href="#persistent.negotiation">Negotiation</a></h4>
@@ -1873 +1875 @@
       </p>
       <h3 id="rfc.section.7.1.3"><a href="#rfc.section.7.1.3">7.1.3</a>&nbsp;<a id="persistent.proxy" href="#persistent.proxy">Proxy Servers</a></h3>
-      <p id="rfc.section.7.1.3.p.1">It is especially important that proxies correctly implement the properties of the Connection header field as specified in <a href="#header.connection" id="rfc.xref.header.connection.4" title="Connection">Section&nbsp;9.1</a>.
+      <p id="rfc.section.7.1.3.p.1">It is especially important that proxies correctly implement the properties of the Connection header field as specified in <a href="#header.connection" id="rfc.xref.header.connection.5" title="Connection">Section&nbsp;9.1</a>.
       </p>
       <p id="rfc.section.7.1.3.p.2">The proxy server <em class="bcp14">MUST</em> signal persistent connections separately with its clients and the origin servers (or other proxy servers) that it connects
@@ -1902 +1904 @@
       </ul>
       <p id="rfc.section.7.1.3.1.p.3">All other header fields defined by HTTP/1.1 are end-to-end header fields.</p>
-      <p id="rfc.section.7.1.3.1.p.4">Other hop-by-hop header fields <em class="bcp14">MUST</em> be listed in a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.5" title="Connection">Section&nbsp;9.1</a>).
+      <p id="rfc.section.7.1.3.1.p.4">Other hop-by-hop header fields <em class="bcp14">MUST</em> be listed in a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.6" title="Connection">Section&nbsp;9.1</a>).
       </p>
       <h4 id="rfc.section.7.1.3.2"><a href="#rfc.section.7.1.3.2">7.1.3.2</a>&nbsp;<a id="non-modifiable.header-fields" href="#non-modifiable.header-fields">Non-modifiable Header Fields</a></h4>
@@ -2078 +2080 @@
       </p>
       <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;<a id="header.field.definitions" href="#header.field.definitions">Header Field Definitions</a></h1>
-      <p id="rfc.section.9.p.1">This section defines the syntax and semantics of HTTP/1.1 header fields related to message framing and transport protocols.</p>
+      <p id="rfc.section.9.p.1">This section defines the syntax and semantics of HTTP header fields related to message framing and transport protocols.</p>
       <div id="rfc.iref.c.12"></div>
       <div id="rfc.iref.h.6"></div>
       <h2 id="rfc.section.9.1"><a href="#rfc.section.9.1">9.1</a>&nbsp;<a id="header.connection" href="#header.connection">Connection</a></h2>
-      <p id="rfc.section.9.1.p.1">The "Connection" header field allows the sender to specify options that are desired for that particular connection and <em class="bcp14">MUST NOT</em> be communicated by proxies over further connections.
+      <p id="rfc.section.9.1.p.1">The "Connection" header field allows the sender to specify options that are desired only for that particular connection. Such
+         connection options <em class="bcp14">MUST</em> be removed or replaced before the message can be forwarded downstream by a proxy or gateway. This mechanism also allows the
+         sender to indicate which HTTP header fields used in the message are only intended for the immediate recipient ("hop-by-hop"),
+         as opposed to all recipients on the chain ("end-to-end"), enabling the message to be self-descriptive and allowing future
+         connection-specific extensions to be deployed in HTTP without fear that they will be blindly forwarded by previously deployed
+         intermediaries.
       </p>
       <p id="rfc.section.9.1.p.2">The Connection header field's value has the following grammar:</p>
@@ -2088 +2095 @@
   <a href="#header.connection" class="smpl">Connection-v</a>     = 1#<a href="#header.connection" class="smpl">connection-token</a>
   <a href="#header.connection" class="smpl">connection-token</a> = <a href="#rule.token.separators" class="smpl">token</a>
-</pre><p id="rfc.section.9.1.p.4">HTTP/1.1 proxies <em class="bcp14">MUST</em> parse the Connection header field before a message is forwarded and, for each connection-token in this field, remove any header
-         field(s) from the message with the same name as the connection-token. Connection options are signaled by the presence of a
-         connection-token in the Connection header field, not by any corresponding additional header field(s), since the additional
-         header field might not be sent if there are no parameters associated with that connection option.
-      </p>
-      <p id="rfc.section.9.1.p.5">Message header fields listed in the Connection header field <em class="bcp14">MUST NOT</em> include end-to-end header fields, such as Cache-Control (<a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 3.2</a> of <a href="#Part6" id="rfc.xref.Part6.5"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>).
-      </p>
-      <p id="rfc.section.9.1.p.6">HTTP/1.1 defines the "close" connection option for the sender to signal that the connection will be closed after completion
+</pre><p id="rfc.section.9.1.p.4">A proxy or gateway <em class="bcp14">MUST</em> parse a received Connection header field before a message is forwarded and, for each connection-token in this field, remove
+         any header field(s) from the message with the same name as the connection-token, and then remove the Connection header field
+         itself or replace it with the sender's own connection options for the forwarded message.
+      </p>
+      <p id="rfc.section.9.1.p.5">A sender <em class="bcp14">MUST NOT</em> include field-names in the Connection header field-value for fields that are defined as expressing constraints for all recipients
+         in the request or response chain, such as the Cache-Control header field (<a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 3.2</a> of <a href="#Part6" id="rfc.xref.Part6.5"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>).
+      </p>
+      <p id="rfc.section.9.1.p.6">The connection options do not have to correspond to a header field present in the message, since a connection-specific header
+         field might not be needed if there are no parameters associated with that connection option. Recipients that trigger certain
+         connection behavior based on the presence of connection options <em class="bcp14">MUST</em> do so based on the presence of the connection-token rather than only the presence of the optional header field. In other words,
+         if the connection option is received as a header field but not indicated within the Connection field-value, then the recipient <em class="bcp14">MUST</em> ignore the connection-specific header field because it has likely been forwarded by an intermediary that is only partially
+         compliant.
+      </p>
+      <p id="rfc.section.9.1.p.7">When defining new connection options, specifications ought to carefully consider existing deployed header fields and ensure
+         that the new connection-token does not share the same name as an unrelated header field that might already be deployed. Defining
+         a new connection-token essentially reserves that potential field-name for carrying additional information related to the connection
+         option, since it would be unwise for senders to use that field-name for anything else.
+      </p>
+      <p id="rfc.section.9.1.p.8">HTTP/1.1 defines the "close" connection option for the sender to signal that the connection will be closed after completion
          of the response. For example,
       </p>
       <div id="rfc.figure.u.56"></div><pre class="text">  Connection: close
-</pre><p id="rfc.section.9.1.p.8">in either the request or the response header fields indicates that the connection <em class="bcp14">SHOULD NOT</em> be considered "persistent" (<a href="#persistent.connections" title="Persistent Connections">Section&nbsp;7.1</a>) after the current request/response is complete.
-      </p>
-      <p id="rfc.section.9.1.p.9">An HTTP/1.1 client that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every request message.
-      </p>
-      <p id="rfc.section.9.1.p.10">An HTTP/1.1 server that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every response message that does not have a 1xx (Informational) status code.
-      </p>
-      <p id="rfc.section.9.1.p.11">A system receiving an HTTP/1.0 (or lower-version) message that includes a Connection header field <em class="bcp14">MUST</em>, for each connection-token in this field, remove and ignore any header field(s) from the message with the same name as the
-         connection-token. This protects against mistaken forwarding of such header fields by pre-HTTP/1.1 proxies. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Compatibility with HTTP/1.0 Persistent Connections">Appendix&nbsp;B.2</a>.
+</pre><p id="rfc.section.9.1.p.10">in either the request or the response header fields indicates that the connection <em class="bcp14">SHOULD NOT</em> be considered "persistent" (<a href="#persistent.connections" title="Persistent Connections">Section&nbsp;7.1</a>) after the current request/response is complete.
+      </p>
+      <p id="rfc.section.9.1.p.11">An HTTP/1.1 client that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every request message.
+      </p>
+      <p id="rfc.section.9.1.p.12">An HTTP/1.1 server that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every response message that does not have a 1xx (Informational) status code.
       </p>
       <div id="rfc.iref.c.13"></div>
@@ -2216 +2231 @@
   TE:
   TE: trailers, deflate;q=0.5
-</pre><p id="rfc.section.9.5.p.7">The TE header field only applies to the immediate connection. Therefore, the keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.6" title="Connection">Section&nbsp;9.1</a>) whenever TE is present in an HTTP/1.1 message.
+</pre><p id="rfc.section.9.5.p.7">The TE header field only applies to the immediate connection. Therefore, the keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.7" title="Connection">Section&nbsp;9.1</a>) whenever TE is present in an HTTP/1.1 message.
       </p>
       <p id="rfc.section.9.5.p.8">A server tests whether a transfer-coding is acceptable, according to a TE field, using these rules: </p>
@@ -2302 +2317 @@
          although the first action after changing the protocol <em class="bcp14">MUST</em> be a response to the initial HTTP request containing the Upgrade header field.
       </p>
-      <p id="rfc.section.9.8.p.7">The Upgrade header field only applies to the immediate connection. Therefore, the upgrade keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.7" title="Connection">Section&nbsp;9.1</a>) whenever Upgrade is present in an HTTP/1.1 message.
+      <p id="rfc.section.9.8.p.7">The Upgrade header field only applies to the immediate connection. Therefore, the upgrade keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.8" title="Connection">Section&nbsp;9.1</a>) whenever Upgrade is present in an HTTP/1.1 message.
       </p>
       <p id="rfc.section.9.8.p.8">The Upgrade header field cannot be used to indicate a switch to a protocol on a different connection. For that purpose, it
@@ -2339 +2354 @@
       <div id="rfc.iref.h.15"></div>
       <h2 id="rfc.section.9.9"><a href="#rfc.section.9.9">9.9</a>&nbsp;<a id="header.via" href="#header.via">Via</a></h2>
-      <p id="rfc.section.9.9.p.1">The "Via" header field <em class="bcp14">MUST</em> be sent by proxies to indicate the intermediate protocols and recipients between the user agent and the server on requests,
-         and between the origin server and the client on responses. It is analogous to the "Received" field defined in <a href="http://tools.ietf.org/html/rfc5322#section-3.6.7">Section 3.6.7</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.5"><cite title="Internet Message Format">[RFC5322]</cite></a> and is intended to be used for tracking message forwards, avoiding request loops, and identifying the protocol capabilities
+      <p id="rfc.section.9.9.p.1">The "Via" header field <em class="bcp14">MUST</em> be sent by a proxy or gateway to indicate the intermediate protocols and recipients between the user agent and the server
+         on requests, and between the origin server and the client on responses. It is analogous to the "Received" field used by email
+         systems (<a href="http://tools.ietf.org/html/rfc5322#section-3.6.7">Section 3.6.7</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.5"><cite title="Internet Message Format">[RFC5322]</cite></a>) and is intended to be used for tracking message forwards, avoiding request loops, and identifying the protocol capabilities
          of all senders along the request/response chain.
       </p>
@@ -2355 +2371 @@
          so that information about the protocol capabilities of upstream applications remains visible to all recipients.
       </p>
-      <p id="rfc.section.9.9.p.4">The protocol-name is optional if and only if it would be "HTTP". The received-by field is normally the host and optional port
+      <p id="rfc.section.9.9.p.4">The protocol-name is excluded if and only if it would be "HTTP". The received-by field is normally the host and optional port
          number of a recipient server or client that subsequently forwarded the message. However, if the real host is considered to
          be sensitive information, it <em class="bcp14">MAY</em> be replaced by a pseudonym. If the port is not given, it <em class="bcp14">MAY</em> be assumed to be the default port of the received-protocol.
       </p>
-      <p id="rfc.section.9.9.p.5">Multiple Via field values represent each proxy that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications.
-      </p>
-      <p id="rfc.section.9.9.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of the recipient proxy, analogous to the User-Agent and Server header
+      <p id="rfc.section.9.9.p.5">Multiple Via field values represent each proxy or gateway that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications.
+      </p>
+      <p id="rfc.section.9.9.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of each recipient, analogous to the User-Agent and Server header
          fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message.
       </p>
@@ -2369 +2385 @@
       </p>
       <div id="rfc.figure.u.71"></div><pre class="text">  Via: 1.0 fred, 1.1 p.example.net (Apache/1.1)
-</pre><p id="rfc.section.9.9.p.9">Proxies used as a portal through a network firewall <em class="bcp14">SHOULD NOT</em>, by default, forward the names and ports of hosts within the firewall region. This information <em class="bcp14">SHOULD</em> only be propagated if explicitly enabled. If not enabled, the received-by host of any host behind the firewall <em class="bcp14">SHOULD</em> be replaced by an appropriate pseudonym for that host.
-      </p>
-      <p id="rfc.section.9.9.p.10">For organizations that have strong privacy requirements for hiding internal structures, a proxy <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries with identical received-protocol values into a single such entry.
+</pre><p id="rfc.section.9.9.p.9">A proxy or gateway used as a portal through a network firewall <em class="bcp14">SHOULD NOT</em> forward the names and ports of hosts within the firewall region unless it is explicitly enabled to do so. If not enabled,
+         the received-by host of any host behind the firewall <em class="bcp14">SHOULD</em> be replaced by an appropriate pseudonym for that host.
+      </p>
+      <p id="rfc.section.9.9.p.10">For organizations that have strong privacy requirements for hiding internal structures, a proxy or gateway <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries with identical received-protocol values into a single such entry.
          For example,
       </p>
@@ -2377 +2394 @@
 </pre><p id="rfc.section.9.9.p.12">could be collapsed to</p>
       <div id="rfc.figure.u.73"></div><pre class="text">  Via: 1.0 ricky, 1.1 mertz, 1.0 lucy
-</pre><p id="rfc.section.9.9.p.14">Applications <em class="bcp14">SHOULD NOT</em> combine multiple entries unless they are all under the same organizational control and the hosts have already been replaced
-         by pseudonyms. Applications <em class="bcp14">MUST NOT</em> combine entries which have different received-protocol values.
+</pre><p id="rfc.section.9.9.p.14">Senders <em class="bcp14">SHOULD NOT</em> combine multiple entries unless they are all under the same organizational control and the hosts have already been replaced
+         by pseudonyms. Senders <em class="bcp14">MUST NOT</em> combine entries which have different received-protocol values.
       </p>
       <h1 id="rfc.section.10"><a href="#rfc.section.10">10.</a>&nbsp;<a id="IANA.considerations" href="#IANA.considerations">IANA Considerations</a></h1>
@@ -2400 +2417 @@
                   <td class="left">http</td>
                   <td class="left">standard</td>
-                  <td class="left"> <a href="#header.connection" id="rfc.xref.header.connection.8" title="Connection">Section&nbsp;9.1</a> 
+                  <td class="left"> <a href="#header.connection" id="rfc.xref.header.connection.9" title="Connection">Section&nbsp;9.1</a> 
                   </td>
                </tr>
@@ -2456 +2473 @@
                   <td class="left">http</td>
                   <td class="left">standard</td>
-                  <td class="left"> <a href="#header.via" id="rfc.xref.header.via.2" title="Via">Section&nbsp;9.9</a> 
+                  <td class="left"> <a href="#header.via" id="rfc.xref.header.via.3" title="Via">Section&nbsp;9.9</a> 
                   </td>
                </tr>
@@ -3047 +3064 @@
          Therefore, we need some other mechanism for indicating a persistent connection is desired, which is safe to use even when
          talking to an old proxy that ignores Connection. Persistent connections are the default for HTTP/1.1 messages; we introduce
-         a new keyword (Connection: close) for declaring non-persistence. See <a href="#header.connection" id="rfc.xref.header.connection.9" title="Connection">Section&nbsp;9.1</a>.
+         a new keyword (Connection: close) for declaring non-persistence. See <a href="#header.connection" id="rfc.xref.header.connection.10" title="Connection">Section&nbsp;9.1</a>.
       </p>
       <p id="rfc.section.B.2.p.3">The original HTTP/1.0 form of persistent connections (the Connection: Keep-Alive and Keep-Alive header field) is documented
@@ -3076 +3093 @@
       <p id="rfc.section.B.3.p.9">Remove hard limit of two connections per server. (<a href="#persistent.practical" title="Practical Considerations">Section&nbsp;7.1.4</a>)
       </p>
-      <p id="rfc.section.B.3.p.10">Clarify exactly when close connection options must be sent. (<a href="#header.connection" id="rfc.xref.header.connection.10" title="Connection">Section&nbsp;9.1</a>)
+      <p id="rfc.section.B.3.p.10">Clarify exactly when close connection options must be sent. (<a href="#header.connection" id="rfc.xref.header.connection.11" title="Connection">Section&nbsp;9.1</a>)
       </p>
       <p id="rfc.section.B.3.p.11">Define the semantics of the "Upgrade" header field in responses other than 101 (this was incorporated from <a href="#RFC2817" id="rfc.xref.RFC2817.2"><cite title="Upgrading to TLS Within HTTP/1.1">[RFC2817]</cite></a>). (<a href="#header.upgrade" id="rfc.xref.header.upgrade.3" title="Upgrade">Section&nbsp;9.8</a>)
@@ -3617 +3634 @@
                   <li>compress (Coding Format)&nbsp;&nbsp;<a href="#rfc.iref.c.8">6.2.2.1</a></li>
                   <li>connection&nbsp;&nbsp;<a href="#rfc.iref.c.2"><b>2.1</b></a></li>
-                  <li>Connection header field&nbsp;&nbsp;<a href="#rfc.xref.header.connection.1">2.5</a>, <a href="#rfc.xref.header.connection.2">3.4</a>, <a href="#rfc.xref.header.connection.3">7.1.2</a>, <a href="#rfc.xref.header.connection.4">7.1.3</a>, <a href="#rfc.xref.header.connection.5">7.1.3.1</a>, <a href="#rfc.iref.c.12"><b>9.1</b></a>, <a href="#rfc.xref.header.connection.6">9.5</a>, <a href="#rfc.xref.header.connection.7">9.8</a>, <a href="#rfc.xref.header.connection.8">10.1</a>, <a href="#rfc.xref.header.connection.9">B.2</a>, <a href="#rfc.xref.header.connection.10">B.3</a></li>
+                  <li>Connection header field&nbsp;&nbsp;<a href="#rfc.xref.header.connection.1">2.3</a>, <a href="#rfc.xref.header.connection.2">2.5</a>, <a href="#rfc.xref.header.connection.3">3.4</a>, <a href="#rfc.xref.header.connection.4">7.1.2</a>, <a href="#rfc.xref.header.connection.5">7.1.3</a>, <a href="#rfc.xref.header.connection.6">7.1.3.1</a>, <a href="#rfc.iref.c.12"><b>9.1</b></a>, <a href="#rfc.xref.header.connection.7">9.5</a>, <a href="#rfc.xref.header.connection.8">9.8</a>, <a href="#rfc.xref.header.connection.9">10.1</a>, <a href="#rfc.xref.header.connection.10">B.2</a>, <a href="#rfc.xref.header.connection.11">B.3</a></li>
                   <li>Content-Length header field&nbsp;&nbsp;<a href="#rfc.xref.header.content-length.1">3.3</a>, <a href="#rfc.iref.c.13"><b>9.2</b></a>, <a href="#rfc.xref.header.content-length.2">10.1</a></li>
                </ul>
@@ -3760 +3777 @@
                   <li>Header Fields&nbsp;&nbsp;
                      <ul>
-                        <li>Connection&nbsp;&nbsp;<a href="#rfc.xref.header.connection.1">2.5</a>, <a href="#rfc.xref.header.connection.2">3.4</a>, <a href="#rfc.xref.header.connection.3">7.1.2</a>, <a href="#rfc.xref.header.connection.4">7.1.3</a>, <a href="#rfc.xref.header.connection.5">7.1.3.1</a>, <a href="#rfc.iref.h.6"><b>9.1</b></a>, <a href="#rfc.xref.header.connection.6">9.5</a>, <a href="#rfc.xref.header.connection.7">9.8</a>, <a href="#rfc.xref.header.connection.8">10.1</a>, <a href="#rfc.xref.header.connection.9">B.2</a>, <a href="#rfc.xref.header.connection.10">B.3</a></li>
+                        <li>Connection&nbsp;&nbsp;<a href="#rfc.xref.header.connection.1">2.3</a>, <a href="#rfc.xref.header.connection.2">2.5</a>, <a href="#rfc.xref.header.connection.3">3.4</a>, <a href="#rfc.xref.header.connection.4">7.1.2</a>, <a href="#rfc.xref.header.connection.5">7.1.3</a>, <a href="#rfc.xref.header.connection.6">7.1.3.1</a>, <a href="#rfc.iref.h.6"><b>9.1</b></a>, <a href="#rfc.xref.header.connection.7">9.5</a>, <a href="#rfc.xref.header.connection.8">9.8</a>, <a href="#rfc.xref.header.connection.9">10.1</a>, <a href="#rfc.xref.header.connection.10">B.2</a>, <a href="#rfc.xref.header.connection.11">B.3</a></li>
                         <li>Content-Length&nbsp;&nbsp;<a href="#rfc.xref.header.content-length.1">3.3</a>, <a href="#rfc.iref.h.7"><b>9.2</b></a>, <a href="#rfc.xref.header.content-length.2">10.1</a></li>
                         <li>Date&nbsp;&nbsp;<a href="#rfc.xref.header.date.1">3.4</a>, <a href="#rfc.iref.h.8"><b>9.3</b></a>, <a href="#rfc.xref.header.date.2">10.1</a></li>
@@ -3768 +3785 @@
                         <li>Transfer-Encoding&nbsp;&nbsp;<a href="#rfc.xref.header.transfer-encoding.1">3.3</a>, <a href="#rfc.xref.header.transfer-encoding.2">3.4</a>, <a href="#rfc.xref.header.transfer-encoding.3">6.2</a>, <a href="#rfc.iref.h.13"><b>9.7</b></a>, <a href="#rfc.xref.header.transfer-encoding.4">10.1</a></li>
                         <li>Upgrade&nbsp;&nbsp;<a href="#rfc.xref.header.upgrade.1">3.4</a>, <a href="#rfc.iref.h.14"><b>9.8</b></a>, <a href="#rfc.xref.header.upgrade.2">10.1</a>, <a href="#rfc.xref.header.upgrade.3">B.3</a></li>
-                        <li>Via&nbsp;&nbsp;<a href="#rfc.xref.header.via.1">3.4</a>, <a href="#rfc.iref.h.15"><b>9.9</b></a>, <a href="#rfc.xref.header.via.2">10.1</a></li>
+                        <li>Via&nbsp;&nbsp;<a href="#rfc.xref.header.via.1">2.3</a>, <a href="#rfc.xref.header.via.2">3.4</a>, <a href="#rfc.iref.h.15"><b>9.9</b></a>, <a href="#rfc.xref.header.via.3">10.1</a></li>
                      </ul>
                   </li>
@@ -3939 +3956 @@
             </li>
             <li><a id="rfc.index.V" href="#rfc.index.V"><b>V</b></a><ul>
-                  <li>Via header field&nbsp;&nbsp;<a href="#rfc.xref.header.via.1">3.4</a>, <a href="#rfc.iref.v.1"><b>9.9</b></a>, <a href="#rfc.xref.header.via.2">10.1</a></li>
+                  <li>Via header field&nbsp;&nbsp;<a href="#rfc.xref.header.via.1">2.3</a>, <a href="#rfc.xref.header.via.2">3.4</a>, <a href="#rfc.iref.v.1"><b>9.9</b></a>, <a href="#rfc.xref.header.via.3">10.1</a></li>
                </ul>
             </li>

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -709 +709 @@
    as a layer above some other server(s) and translates the received
    requests to the underlying server's protocol.  Gateways are often
-   used for load balancing, "accelerator" caching, or partitioning
-   HTTP services across multiple machines.  Gateways behave as an origin
-   server on the outbound connection and as a proxy on the inbound
-   connection.  All HTTP requirements applicable to an origin server
-   also apply to the outbound communication of a gateway.  A gateway
-   communicates with inbound servers using any protocol it desires,
-   including private extensions to HTTP that are outside the scope of
-   this specification.  However, an HTTP-to-HTTP gateway that wishes
-   to interoperate with third-party HTTP servers &SHOULD; comply with
-   HTTP proxy requirements on the gateway's inbound connection.
+   used to encapsulate legacy or untrusted information services, to
+   improve server performance through "accelerator" caching, and to
+   enable partitioning or load-balancing of HTTP services across
+   multiple machines.
+</t>
+<t>
+   A gateway behaves as an origin server on its outbound connection and
+   as a user agent on its inbound connection.
+   All HTTP requirements applicable to an origin server
+   also apply to the outbound communication of a gateway.
+   A gateway communicates with inbound servers using any protocol that
+   it desires, including private extensions to HTTP that are outside
+   the scope of this specification.  However, an HTTP-to-HTTP gateway
+   that wishes to interoperate with third-party HTTP servers &MUST;
+   comply with HTTP user agent requirements on the gateway's inbound
+   connection and &MUST; implement the Connection
+   (<xref target="header.connection"/>) and Via (<xref target="header.via"/>)
+   header fields for both connections.
 </t>
 <t><iref primary="true" item="tunnel"/>
@@ -2938 +2946 @@
 <section title="Header Field Definitions" anchor="header.field.definitions">
 <t>
-   This section defines the syntax and semantics of HTTP/1.1 header fields
+   This section defines the syntax and semantics of HTTP header fields
    related to message framing and transport protocols.
 </t>
@@ -2950 +2958 @@
 <t>
    The "Connection" header field allows the sender to specify
-   options that are desired for that particular connection and &MUST-NOT;
-   be communicated by proxies over further connections.
+   options that are desired only for that particular connection.
+   Such connection options &MUST; be removed or replaced before the
+   message can be forwarded downstream by a proxy or gateway.
+   This mechanism also allows the sender to indicate which HTTP
+   header fields used in the message are only intended for the
+   immediate recipient ("hop-by-hop"), as opposed to all recipients
+   on the chain ("end-to-end"), enabling the message to be
+   self-descriptive and allowing future connection-specific extensions
+   to be deployed in HTTP without fear that they will be blindly
+   forwarded by previously deployed intermediaries.
 </t>
 <t>
@@ -2962 +2978 @@
 </artwork></figure>
 <t>
-   HTTP/1.1 proxies &MUST; parse the Connection header field before a
-   message is forwarded and, for each connection-token in this field,
-   remove any header field(s) from the message with the same name as the
-   connection-token. Connection options are signaled by the presence of
-   a connection-token in the Connection header field, not by any
-   corresponding additional header field(s), since the additional header
-   field might not be sent if there are no parameters associated with that
-   connection option.
-</t>
-<t>
-   Message header fields listed in the Connection header field &MUST-NOT; include
-   end-to-end header fields, such as Cache-Control (&header-cache-control;).
+   A proxy or gateway &MUST; parse a received Connection
+   header field before a message is forwarded and, for each
+   connection-token in this field, remove any header field(s) from
+   the message with the same name as the connection-token, and then
+   remove the Connection header field itself or replace it with the
+   sender's own connection options for the forwarded message.
+</t>
+<t>
+   A sender &MUST-NOT; include field-names in the Connection header
+   field-value for fields that are defined as expressing constraints
+   for all recipients in the request or response chain, such as the
+   Cache-Control header field (&header-cache-control;).
+</t>
+<t>
+   The connection options do not have to correspond to a header field
+   present in the message, since a connection-specific header field
+   might not be needed if there are no parameters associated with that
+   connection option.  Recipients that trigger certain connection
+   behavior based on the presence of connection options &MUST; do so
+   based on the presence of the connection-token rather than only the
+   presence of the optional header field.  In other words, if the
+   connection option is received as a header field but not indicated
+   within the Connection field-value, then the recipient &MUST; ignore
+   the connection-specific header field because it has likely been
+   forwarded by an intermediary that is only partially compliant.
+</t>
+<t>
+   When defining new connection options, specifications ought to
+   carefully consider existing deployed header fields and ensure
+   that the new connection-token does not share the same name as
+   an unrelated header field that might already be deployed.
+   Defining a new connection-token essentially reserves that potential
+   field-name for carrying additional information related to the
+   connection option, since it would be unwise for senders to use
+   that field-name for anything else.
 </t>
 <t>
@@ -2996 +3035 @@
    include the "close" connection option in every response message that
    does not have a 1xx (Informational) status code.
-</t>
-<t>
-   A system receiving an HTTP/1.0 (or lower-version) message that
-   includes a Connection header field &MUST;, for each connection-token in this
-   field, remove and ignore any header field(s) from the message with
-   the same name as the connection-token. This protects against mistaken
-   forwarding of such header fields by pre-HTTP/1.1 proxies. See <xref target="compatibility.with.http.1.0.persistent.connections"/>.
 </t>
 </section>
@@ -3470 +3502 @@
   <x:anchor-alias value="Via-v"/>
 <t>
-   The "Via" header field &MUST; be sent by proxies to
+   The "Via" header field &MUST; be sent by a proxy or gateway to
    indicate the intermediate protocols and recipients between the user
    agent and the server on requests, and between the origin server and
-   the client on responses. It is analogous to the "Received" field defined in
-   <xref target="RFC5322" x:fmt="of" x:sec="3.6.7"/> and is intended to be used for tracking message forwards,
+   the client on responses. It is analogous to the "Received" field
+   used by email systems (<xref target="RFC5322" x:fmt="of" x:sec="3.6.7"/>)
+   and is intended to be used for tracking message forwards,
    avoiding request loops, and identifying the protocol capabilities of
    all senders along the request/response chain.
@@ -3497 +3530 @@
 </t>
 <t>
-   The protocol-name is optional if and only if it would be "HTTP". The
+   The protocol-name is excluded if and only if it would be "HTTP". The
    received-by field is normally the host and optional port number of a
    recipient server or client that subsequently forwarded the message.
@@ -3505 +3538 @@
 </t>
 <t>
-   Multiple Via field values represent each proxy that has
+   Multiple Via field values represent each proxy or gateway that has
    forwarded the message. Each recipient &MUST; append its information
    such that the end result is ordered according to the sequence of
@@ -3512 +3545 @@
 <t>
    Comments &MAY; be used in the Via header field to identify the software
-   of the recipient proxy, analogous to the User-Agent and
-   Server header fields. However, all comments in the Via field are
-   optional and &MAY; be removed by any recipient prior to forwarding the
-   message.
+   of each recipient, analogous to the User-Agent and Server header fields.
+   However, all comments in the Via field are optional and &MAY; be removed
+   by any recipient prior to forwarding the message.
 </t>
 <t>
@@ -3529 +3561 @@
 </artwork></figure>
 <t>
-   Proxies used as a portal through a network firewall
-   &SHOULD-NOT;, by default, forward the names and ports of hosts within
-   the firewall region. This information &SHOULD; only be propagated if
-   explicitly enabled. If not enabled, the received-by host of any host
-   behind the firewall &SHOULD; be replaced by an appropriate pseudonym
-   for that host.
+   A proxy or gateway used as a portal through a network firewall
+   &SHOULD-NOT; forward the names and ports of hosts within the firewall
+   region unless it is explicitly enabled to do so. If not enabled, the
+   received-by host of any host behind the firewall &SHOULD; be replaced
+   by an appropriate pseudonym for that host.
 </t>
 <t>
    For organizations that have strong privacy requirements for hiding
-   internal structures, a proxy &MAY; combine an ordered subsequence of
-   Via header field entries with identical received-protocol values into
-   a single such entry. For example,
+   internal structures, a proxy or gateway &MAY; combine an ordered
+   subsequence of Via header field entries with identical received-protocol
+   values into a single such entry. For example,
 </t>
 <figure><artwork type="example">
@@ -3552 +3583 @@
 </artwork></figure>
 <t>
-   Applications &SHOULD-NOT;  combine multiple entries unless they are all
+   Senders &SHOULD-NOT; combine multiple entries unless they are all
    under the same organizational control and the hosts have already been
-   replaced by pseudonyms. Applications &MUST-NOT; combine entries which
+   replaced by pseudonyms. Senders &MUST-NOT; combine entries which
    have different received-protocol values.
 </t>