Changeset 1176 for draft-ietf-httpbis

Timestamp:

Mar 13, 2011, 8:25:25 PM (9 years ago)

Author:

fielding@…

Message:

Use the term octet instead of character where we are talking
about parsing, since HTTP must be parsed as octets. Make sure
there is no ambiguity about how many spaces are allowed on a
request-line or response-line.

Use the term character encoding instead of character set
because it is annoying to use the term incorrectly regardless
of how MIME does it.

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.xml (modified) (21 diffs)
• p3-payload.xml (modified) (7 diffs)

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -427 +427 @@
 </t>
 <t>
-   The OWS rule is used where zero or more linear whitespace characters might
-   appear. OWS &SHOULD; either not be produced or be produced as a single SP
-   character. Multiple OWS characters that occur within field-content &SHOULD;
+   The OWS rule is used where zero or more linear whitespace octets might
+   appear. OWS &SHOULD; either not be produced or be produced as a single
+   SP. Multiple OWS octets that occur within field-content &SHOULD;
    be replaced with a single SP before interpreting the field value or
    forwarding the message downstream.
 </t>
 <t>
-   RWS is used when at least one linear whitespace character is required to
-   separate field tokens. RWS &SHOULD; be produced as a single SP character.
-   Multiple RWS characters that occur within field-content &SHOULD; be
+   RWS is used when at least one linear whitespace octet is required to
+   separate field tokens. RWS &SHOULD; be produced as a single SP.
+   Multiple RWS octets that occur within field-content &SHOULD; be
    replaced with a single SP before interpreting the field value or
    forwarding the message downstream.
@@ -503 +503 @@
 <t anchor="rule.quoted-pair">
   <x:anchor-alias value="quoted-pair"/>
-   The backslash character ("\") can be used as a single-character
+   The backslash octet ("\") can be used as a single-octet
    quoting mechanism within quoted-string constructs:
 </t>
@@ -510 +510 @@
 </artwork></figure>
 <t>
-   Producers &SHOULD-NOT; escape characters that do not require escaping
-   (i.e., other than DQUOTE and the backslash character).
+   Senders &SHOULD-NOT; escape octets that do not require escaping
+   (i.e., other than DQUOTE and the backslash octet).
 </t>
 </section>
@@ -819 +819 @@
 <t>
    The HTTP version number consists of two non-negative decimal integers
-   separated by the "." (period or decimal point) character.  The first
+   separated by a "." (period or decimal point).  The first
    number ("major version") indicates the HTTP messaging syntax, whereas
    the second number ("minor version") indicates the highest minor
@@ -1133 +1133 @@
 </section>
 
-<section title="HTTP Message" anchor="http.message">
+<section title="Message Format" anchor="http.message">
 <x:anchor-alias value="generic-message"/>
 <x:anchor-alias value="message.types"/>
@@ -1143 +1143 @@
 <t>
    All HTTP/1.1 messages consist of a start-line followed by a sequence of
-   characters in a format similar to the Internet Message Format
+   octets in a format similar to the Internet Message Format
    <xref target="RFC5322"/>: zero or more header fields (collectively
    referred to as the "headers" or the "header section"), an empty line
@@ -1168 +1168 @@
 </artwork></figure>
 <t>
-   Whitespace (WSP) &MUST-NOT; be sent between the start-line and the first
-   header field. The presence of whitespace might be an attempt to trick a
-   noncompliant implementation of HTTP into ignoring that field or processing
-   the next line as a new request, either of which might result in security
-   issues when implementations within the request chain interpret the
-   same message differently. HTTP/1.1 servers &MUST; reject such a message
-   with a 400 (Bad Request) response.
+   Implementations &MUST-NOT; send whitespace between the start-line and
+   the first header field. The presence of such whitespace in a request
+   might be an attempt to trick a server into ignoring that field or
+   processing the line after it as a new request, either of which might
+   result in a security vulnerability if other implementations within
+   the request chain interpret the same message differently.
+   Likewise, the presence of such whitespace in a response might be
+   ignored by some clients or cause others to cease parsing.
 </t>
 
@@ -1193 +1194 @@
    client &MUST; include the terminating CRLF octets as part of the
    message-body length. 
+</t>
+<t>
+   When a server listening only for HTTP request messages, or processing
+   what appears from the start-line to be an HTTP request message,
+   receives a sequence of octets that does not match the HTTP-message
+   grammar aside from the robustness exceptions listed above, the
+   server &MUST; respond with an HTTP/1.1 400 (Bad Request) response.  
 </t>
 <t>
@@ -1242 +1250 @@
    A field value &MAY; be preceded by optional whitespace (OWS); a single SP is
    preferred. The field value does not include any leading or trailing white
-   space: OWS occurring before the first non-whitespace character of the
-   field value or after the last non-whitespace character of the field value
+   space: OWS occurring before the first non-whitespace octet of the
+   field value or after the last non-whitespace octet of the field value
    is ignored and &SHOULD; be removed before further processing (as this does
    not change the meaning of the header field). 
@@ -1283 +1291 @@
    Historically, HTTP header field values could be extended over multiple
    lines by preceding each extra line with at least one space or horizontal
-   tab character (line folding). This specification deprecates such line
+   tab octet (line folding). This specification deprecates such line
    folding except within the message/http media type
    (<xref target="internet.media.type.message.http"/>).
@@ -1299 +1307 @@
    In practice, most HTTP header field values use only a subset of the
    US-ASCII character encoding <xref target="USASCII"/>. Newly defined
-   header fields &SHOULD; limit their field values to US-ASCII characters.
+   header fields &SHOULD; limit their field values to US-ASCII octets.
    Recipients &SHOULD; treat other (obs-text) octets in field content as
    opaque data.
@@ -1317 +1325 @@
 <t anchor="rule.quoted-cpair">
   <x:anchor-alias value="quoted-cpair"/>
-   The backslash character ("\") can be used as a single-character
+   The backslash octet ("\") can be used as a single-octet
    quoting mechanism within comment constructs:
 </t>
@@ -1324 +1332 @@
 </artwork></figure>
 <t>
-   Producers &SHOULD-NOT; escape characters that do not require escaping
-   (i.e., other than the backslash character "\" and the parentheses "(" and
+   Senders &SHOULD-NOT; escape octets that do not require escaping
+   (i.e., other than the backslash octet "\" and the parentheses "(" and
    ")").
 </t>
@@ -1547 +1555 @@
   <x:anchor-alias value="Request"/>
 <t>
-   A request message from a client to a server includes, within the
-   first line of that message, the method to be applied to the resource,
-   the identifier of the resource, and the protocol version in use.
+   A request message from a client to a server begins with a
+   Request-Line, followed by zero or more header fields, an empty
+   line signifying the end of the header block, and an optional
+   message body.
 </t>
 <!--                 Host                      ; should be moved here eventually -->
@@ -1562 +1571 @@
   <x:anchor-alias value="Request-Line"/>
 <t>
-   The Request-Line begins with a method token, followed by the
-   request-target and the protocol version, and ending with CRLF. The
-   elements are separated by SP characters. No CR or LF is allowed
-   except in the final CRLF sequence.
+   The Request-Line begins with a method token, followed by a single
+   space (SP), the request-target, another single space (SP), the
+   protocol version, and ending with CRLF.
 </t>
 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Request-Line"/>
@@ -1787 +1795 @@
     </t>
     <t>
-      the character sequence "://",
+      the octet sequence "://",
     </t>
     <t>
@@ -1863 +1871 @@
 <t>
    The first line of a Response message is the Status-Line, consisting
-   of the protocol version followed by a numeric status code and its
-   associated textual phrase, with each element separated by SP
-   characters. No CR or LF is allowed except in the final CRLF sequence.
+   of the protocol version, a space (SP), the status code, another space,
+   a possibly-empty textual phrase describing the status code, and
+   ending with CRLF.
 </t>
 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Status-Line"/>
@@ -2350 +2358 @@
    Product tokens &SHOULD; be short and to the point. They &MUST-NOT; be
    used for advertising or other non-essential information. Although any
-   token character &MAY; appear in a product-version, this token &SHOULD;
+   token octet &MAY; appear in a product-version, this token &SHOULD;
    only be used for a version identifier (i.e., successive versions of
    the same product &SHOULD; only differ in the product-version portion of
@@ -4847 +4855 @@
 </t>
 <t>
-   Clients &SHOULD; be tolerant in parsing the Status-Line and servers
-   &SHOULD; be tolerant when parsing the Request-Line. In particular, they
-   &SHOULD; accept any amount of WSP characters between fields, even though
-   only a single SP is required.
-</t>
-<t>
    The line terminator for header fields is the sequence CRLF.
    However, we recommend that applications, when parsing such headers fields,
@@ -4858 +4860 @@
 </t>
 <t>
-   The character set of a representation &SHOULD; be labeled as the lowest
+   The character encoding of a representation &SHOULD; be labeled as the lowest
    common denominator of the character codes used within that representation, with
    the exception that not labeling the representation is preferred over labeling
@@ -5027 +5029 @@
   Rules about implicit linear whitespace between certain grammar productions
   have been removed; now it's only allowed when specifically pointed out
-  in the ABNF. The NUL character is no longer allowed in comment and quoted-string
+  in the ABNF. The NUL octet is no longer allowed in comment and quoted-string
   text. The quoted-pair rule no longer allows escaping control characters other than HTAB.
   Non-ASCII content in header fields and reason phrase has been obsoleted and

draft-ietf-httpbis/latest/p3-payload.xml

@@ -336 +336 @@
 <section title="Protocol Parameters" anchor="protocol.parameters">
 
-<section title="Character Sets" anchor="character.sets">
-<t>
-   HTTP uses the same definition of the term "character set" as that
-   described for MIME:
-</t>
-<t>
-   The term "character set" is used in this document to refer to a
-   method used with one or more tables to convert a sequence of octets
-   into a sequence of characters. Note that unconditional conversion in
-   the other direction is not required, in that not all characters might
-   be available in a given character set and a character set might provide
-   more than one sequence of octets to represent a particular character.
-   This definition is intended to allow various kinds of character
-   encoding, from simple single-table mappings such as US-ASCII to
-   complex table switching methods such as those that use ISO-2022's
-   techniques. However, the definition associated with a MIME character
-   set name &MUST; fully specify the mapping to be performed from octets
-   to characters. In particular, use of external profiling information
-   to determine the exact mapping is not permitted.
-</t>
-<x:note>
-  <t>
-    <x:h>Note:</x:h> This use of the term "character set" is more commonly
-    referred to as a "character encoding". However, since HTTP and
-    MIME share the same registry, it is important that the terminology
-    also be shared.
-  </t>
-</x:note>
+<section title="Character Encodings (charset)" anchor="character.sets">
+<t>
+   HTTP uses charset names to indicate the character encoding of a
+   textual representation.
+</t>
 <t anchor="rule.charset">
   <x:anchor-alias value="charset"/>
-   HTTP character sets are identified by case-insensitive tokens. The
+   A character encoding is identified by a case-insensitive token. The
    complete set of tokens is defined by the IANA Character Set registry
    (<eref target="http://www.iana.org/assignments/character-sets"/>).
@@ -376 +353 @@
    Although HTTP allows an arbitrary token to be used as a charset
    value, any token that has a predefined value within the IANA
-   Character Set registry &MUST; represent the character set defined
+   Character Set registry &MUST; represent the character encoding defined
    by that registry. Applications &SHOULD; limit their use of character
-   sets to those defined by the IANA registry.
+   encodings to those defined within the IANA registry.
 </t>
 <t>
@@ -1094 +1071 @@
 <t>
    The "Accept-Charset" header field can be used by user agents to
-   indicate what response character sets are acceptable. This field allows
+   indicate what character encodings are acceptable in a response
+   payload. This field allows
    clients capable of understanding more comprehensive or special-purpose
-   character sets to signal that capability to a server which is capable of
-   representing documents in those character sets.
+   character encodings to signal that capability to a server which is capable of
+   representing documents in those character encodings.
 </t>
 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Accept-Charset"/><iref primary="true" item="Grammar" subitem="Accept-Charset-v"/>
@@ -1106 +1084 @@
 </artwork></figure>
 <t>
-   Character set values are described in <xref target="character.sets"/>. Each charset &MAY;
-   be given an associated quality value which represents the user's
-   preference for that charset. The default value is q=1. An example is
+   Character encoding values (a.k.a., charsets) are described in
+   <xref target="character.sets"/>. Each charset &MAY; be given an
+   associated quality value which represents the user's preference
+   for that charset. The default value is q=1. An example is
 </t>
 <figure><artwork type="example">
@@ -1115 +1094 @@
 <t>
    The special value "*", if present in the Accept-Charset field,
-   matches every character set (including ISO-8859-1) which is not
+   matches every character encoding (including ISO-8859-1) which is not
    mentioned elsewhere in the Accept-Charset field. If no "*" is present
-   in an Accept-Charset field, then all character sets not explicitly
+   in an Accept-Charset field, then all character encodings not explicitly
    mentioned get a quality value of 0, except for ISO-8859-1, which gets
    a quality value of 1 if not explicitly mentioned.
@@ -1123 +1102 @@
 <t>
    If no Accept-Charset header field is present, the default is that any
-   character set is acceptable. If an Accept-Charset header field is present,
+   character encoding is acceptable. If an Accept-Charset header field is present,
    and if the server cannot send a response which is acceptable
    according to the Accept-Charset header field, then the server &SHOULD; send
@@ -2544 +2523 @@
    Where it is possible, a proxy or gateway from HTTP to a strict MIME
    environment &SHOULD; translate all line breaks within the text media
-   types described in <xref target="canonicalization.and.text.defaults"/> of this document to the RFC 2049
+   types described in <xref target="canonicalization.and.text.defaults"/>
+   of this document to the RFC 2049
    canonical form of CRLF. Note, however, that this might be complicated
    by the presence of a Content-Encoding and by the fact that HTTP
-   allows the use of some character sets which do not use octets 13 and
-   10 to represent CR and LF, as is the case for some multi-byte
-   character sets.
+   allows the use of some character encodings which do not use octets 13 and
+   10 to represent CR and LF, respectively, as is the case for some multi-byte
+   character encodings.
 </t>
 <t>