Changeset 1323 for draft-ietf-httpbis/latest

Timestamp:

Jul 1, 2011, 9:56:52 AM (8 years ago)

Author:

julian.reschke@…

Message:

add guidance on minimum sizes of protocol elements (see #282)

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.html (modified) (6 diffs)
• p1-messaging.xml (modified) (4 diffs)
• p6-cache.html (modified) (10 diffs)
• p6-cache.xml (modified) (3 diffs)

draft-ietf-httpbis/latest/p1-messaging.html

@@ -677 +677 @@
                <li>11.4&nbsp;&nbsp;&nbsp;<a href="#dns.spoofing">DNS Spoofing</a></li>
                <li>11.5&nbsp;&nbsp;&nbsp;<a href="#attack.proxies">Proxies and Caching</a></li>
-               <li>11.6&nbsp;&nbsp;&nbsp;<a href="#attack.DoS">Denial of Service Attacks on Proxies</a></li>
+               <li>11.6&nbsp;&nbsp;&nbsp;<a href="#attack.protocol.element.size.overflows">Protocol Element Size Overflows</a></li>
+               <li>11.7&nbsp;&nbsp;&nbsp;<a href="#attack.DoS">Denial of Service Attacks on Proxies</a></li>
             </ul>
          </li>
@@ -1275 +1276 @@
       <div id="rfc.figure.u.25"></div><pre class="inline"><span id="rfc.iref.g.43"></span>  <a href="#rule.quoted-cpair" class="smpl">quoted-cpair</a>    = "\" ( <a href="#core.rules" class="smpl">WSP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> ) 
 </pre><p id="rfc.section.3.2.p.14">Senders <em class="bcp14">SHOULD NOT</em> escape octets that do not require escaping (i.e., other than the backslash octet "\" and the parentheses "(" and ")").
+      </p>
+      <p id="rfc.section.3.2.p.15">HTTP does not place a pre-defined limit on the length of header fields, either in isolation or as a set. A server <em class="bcp14">MUST</em> be prepared to receive request header fields of unbounded length and respond with a 4xx status code if the received header
+         field(s) would be longer than the server wishes to handle.
+      </p>
+      <p id="rfc.section.3.2.p.16">A client that receives response headers that are longer than it wishes to handle can only treat it as a server error.</p>
+      <p id="rfc.section.3.2.p.17">Various ad-hoc limitations on header length are found in practice. It is <em class="bcp14">RECOMMENDED</em> that all HTTP senders and recipients support messages whose combined header fields have 4000 or more octets.
       </p>
       <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a>&nbsp;<a id="message.body" href="#message.body">Message Body</a></h2>
@@ -2736 +2743 @@
          attacks. Such cryptography is beyond the scope of the HTTP/1.1 specification.
       </p>
-      <h2 id="rfc.section.11.6"><a href="#rfc.section.11.6">11.6</a>&nbsp;<a id="attack.DoS" href="#attack.DoS">Denial of Service Attacks on Proxies</a></h2>
-      <p id="rfc.section.11.6.p.1">They exist. They are hard to defend against. Research continues. Beware.</p>
+      <h2 id="rfc.section.11.6"><a href="#rfc.section.11.6">11.6</a>&nbsp;<a id="attack.protocol.element.size.overflows" href="#attack.protocol.element.size.overflows">Protocol Element Size Overflows</a></h2>
+      <p id="rfc.section.11.6.p.1">Because HTTP uses mostly textual, character-delimited fields, attackers can overflow buffers in implementations, and/or perform
+         a Denial of Service against implementations that accept fields with unlimited lengths.
+      </p>
+      <p id="rfc.section.11.6.p.2">To promote interoperability, this specification makes specific recommendations for size limits on request-targets (<a href="#request-target" title="request-target">Section&nbsp;4.1.2</a>) and blocks of header fields (<a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>). These are minimum recommendations, chosen to be supportable even by implementations with limited resources; it is expected
+         that most implementations will choose substantially higher limits.
+      </p>
+      <p id="rfc.section.11.6.p.3">This specification also provides a way for servers to reject messages that have request-targets that are too long (<a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 8.4.15</a> of <a href="#Part2" id="rfc.xref.Part2.12"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) or request entities that are too large (<a href="p2-semantics.html#status.4xx" title="Client Error 4xx">Section 8.4</a> of <a href="#Part2" id="rfc.xref.Part2.13"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>).
+      </p>
+      <p id="rfc.section.11.6.p.4">Other fields (including but not limited to request methods, response status phrases, header field-names, and body chunks) <em class="bcp14">SHOULD</em> be limited by implementations carefully, so as to not impede interoperability.
+      </p>
+      <h2 id="rfc.section.11.7"><a href="#rfc.section.11.7">11.7</a>&nbsp;<a id="attack.DoS" href="#attack.DoS">Denial of Service Attacks on Proxies</a></h2>
+      <p id="rfc.section.11.7.p.1">They exist. They are hard to defend against. Research continues. Beware.</p>
       <h1 id="rfc.section.12"><a href="#rfc.section.12">12.</a>&nbsp;<a id="ack" href="#ack">Acknowledgments</a></h1>
       <p id="rfc.section.12.p.1">HTTP has evolved considerably over the years. It has benefited from a large and active developer community — the many people
@@ -3594 +3612 @@
       <ul>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/273">http://tools.ietf.org/wg/httpbis/trac/ticket/273</a>&gt;: "HTTP-Version should be redefined as fixed length pair of DIGIT . DIGIT"
+         </li>
+         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/282">http://tools.ietf.org/wg/httpbis/trac/ticket/282</a>&gt;: "Recommend minimum sizes for protocol elements"
          </li>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/283">http://tools.ietf.org/wg/httpbis/trac/ticket/283</a>&gt;: "Set expectations around buffering"
@@ -3820 +3840 @@
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
                   <li><em>Pad1995</em>&nbsp;&nbsp;<a href="#rfc.xref.Pad1995.1">7.1.1</a>, <a href="#Pad1995"><b>13.2</b></a></li>
-                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2.4</a>, <a href="#rfc.xref.Part2.2">4.1.2</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">5.1.1</a>, <a href="#rfc.xref.Part2.5">7.1.2.2</a>, <a href="#rfc.xref.Part2.6">7.1.4</a>, <a href="#rfc.xref.Part2.7">7.2.3</a>, <a href="#rfc.xref.Part2.8">7.2.3</a>, <a href="#rfc.xref.Part2.9">7.2.3</a>, <a href="#rfc.xref.Part2.10">7.2.3</a>, <a href="#rfc.xref.Part2.11">9.8</a>, <a href="#Part2"><b>13.1</b></a><ul>
+                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2.4</a>, <a href="#rfc.xref.Part2.2">4.1.2</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">5.1.1</a>, <a href="#rfc.xref.Part2.5">7.1.2.2</a>, <a href="#rfc.xref.Part2.6">7.1.4</a>, <a href="#rfc.xref.Part2.7">7.2.3</a>, <a href="#rfc.xref.Part2.8">7.2.3</a>, <a href="#rfc.xref.Part2.9">7.2.3</a>, <a href="#rfc.xref.Part2.10">7.2.3</a>, <a href="#rfc.xref.Part2.11">9.8</a>, <a href="#rfc.xref.Part2.12">11.6</a>, <a href="#rfc.xref.Part2.13">11.6</a>, <a href="#Part2"><b>13.1</b></a><ul>
                         <li><em>Section 7.1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.5">7.1.2.2</a>, <a href="#rfc.xref.Part2.6">7.1.4</a></li>
                         <li><em>Section 7.9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.2">4.1.2</a></li>
@@ -3828 +3848 @@
                         <li><em>Section 8.2.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2.4</a></li>
                         <li><em>Section 8.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.11">9.8</a></li>
-                        <li><em>Section 8.4.15</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.3">4.1.2</a></li>
+                        <li><em>Section 8.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.13">11.6</a></li>
+                        <li><em>Section 8.4.15</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.12">11.6</a></li>
                         <li><em>Section 9.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.8">7.2.3</a>, <a href="#rfc.xref.Part2.9">7.2.3</a></li>
                      </ul>

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -36 +36 @@
   <!ENTITY status-203             "<xref target='Part2' x:rel='#status.203' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY status-3xx             "<xref target='Part2' x:rel='#status.3xx' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY status-4xx             "<xref target='Part2' x:rel='#status.4xx' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY status-414             "<xref target='Part2' x:rel='#status.414' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
 ]>
@@ -1364 +1365 @@
    (i.e., other than the backslash octet "\" and the parentheses "(" and
    ")").
+</t>
+<t>
+   HTTP does not place a pre-defined limit on the length of header fields,
+   either in isolation or as a set. A server &MUST; be prepared to receive
+   request header fields of unbounded length and respond with a 4xx status
+   code if the received header field(s) would be longer than the server wishes
+   to handle.
+</t>
+<t>
+   A client that receives response headers that are longer than it wishes to
+   handle can only treat it as a server error.
+</t>
+<t>
+   Various ad-hoc limitations on header length are found in practice. It is
+   &RECOMMENDED; that all HTTP senders and recipients support messages whose
+   combined header fields have 4000 or more octets.
 </t>
 </section>
@@ -4049 +4066 @@
 </section>
 
+<section title="Protocol Element Size Overflows" anchor="attack.protocol.element.size.overflows">
+<t>
+   Because HTTP uses mostly textual, character-delimited fields, attackers can
+   overflow buffers in implementations, and/or perform a Denial of Service
+   against implementations that accept fields with unlimited lengths.
+</t>
+<t>
+   To promote interoperability, this specification makes specific
+   recommendations for size limits on request-targets (<xref target="request-target"/>)
+   and blocks of header fields (<xref target="header.fields"/>). These are
+   minimum recommendations, chosen to be supportable even by implementations
+   with limited resources; it is expected that most implementations will choose
+   substantially higher limits.
+</t>
+<t>
+   This specification also provides a way for servers to reject messages that
+   have request-targets that are too long (&status-414;) or request entities
+   that are too large (&status-4xx;).
+</t>
+<t>
+   Other fields (including but not limited to request methods, response status
+   phrases, header field-names, and body chunks) &SHOULD; be limited by
+   implementations carefully, so as to not impede interoperability.
+</t>
+</section>
+
 <section title="Denial of Service Attacks on Proxies" anchor="attack.DoS">
 <t>
@@ -5922 +5965 @@
     </t>
     <t>
+      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/282"/>:
+      "Recommend minimum sizes for protocol elements"
+    </t>
+    <t>
       <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/283"/>:
       "Set expectations around buffering"

draft-ietf-httpbis/latest/p6-cache.html

@@ -550 +550 @@
                   </ul>
                </li>
+               <li>1.5&nbsp;&nbsp;&nbsp;<a href="#delta-seconds">Delta Seconds</a></li>
             </ul>
          </li>
@@ -740 +741 @@
   <a href="#abnf.dependencies" class="smpl">pseudonym</a>     = &lt;pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 9.9</a>&gt; 
   <a href="#abnf.dependencies" class="smpl">uri-host</a>      = &lt;uri-host, defined in <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>&gt;
-</pre><h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="caching.overview" href="#caching.overview">Cache Operation</a></h1>
+</pre><h2 id="rfc.section.1.5"><a href="#rfc.section.1.5">1.5</a>&nbsp;<a id="delta-seconds" href="#delta-seconds">Delta Seconds</a></h2>
+      <p id="rfc.section.1.5.p.1">The delta-seconds rule specifies a non-negative integer, representing time in seconds.</p>
+      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.1"></span>  <a href="#delta-seconds" class="smpl">delta-seconds</a>  = 1*<a href="#notation" class="smpl">DIGIT</a>
+</pre><p id="rfc.section.1.5.p.3">If an implementation receives a delta-seconds value larger than the largest positive integer it can represent, or if any of
+         its subsequent calculations overflows, it <em class="bcp14">MUST</em> consider the value to be 2147483648 (2<sup>31</sup>). Recipients parsing a delta-seconds value <em class="bcp14">SHOULD</em> use an arithmetic type of at least 31 bits of range, and senders <em class="bcp14">MUST NOT</em> send delta-seconds with a value greater than 2147483648.
+      </p>
+      <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="caching.overview" href="#caching.overview">Cache Operation</a></h1>
       <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a id="response.cacheability" href="#response.cacheability">Response Cacheability</a></h2>
       <p id="rfc.section.2.1.p.1">A cache <em class="bcp14">MUST NOT</em> store a response to any request, unless: 
@@ -834 +841 @@
          algorithms, but does impose worst-case constraints on their results.
       </p>
-      <div id="rfc.figure.u.3"></div> 
+      <div id="rfc.figure.u.4"></div> 
       <p>The calculation to determine if a response is fresh is:</p>  <pre class="text">   response_is_fresh = (freshness_lifetime &gt; current_age)
 </pre> <p id="rfc.section.2.3.p.6">The freshness_lifetime is defined in <a href="#calculating.freshness.lifetime" title="Calculating Freshness Lifetime">Section&nbsp;2.3.1</a>; the current_age is defined in <a href="#age.calculations" title="Calculating Age">Section&nbsp;2.3.2</a>.
@@ -918 +925 @@
          </li>
       </ol>
-      <div id="rfc.figure.u.4"></div> <pre class="text">  apparent_age = max(0, response_time - date_value);
+      <div id="rfc.figure.u.5"></div> <pre class="text">  apparent_age = max(0, response_time - date_value);
 
   response_delay = response_time - request_time;
   corrected_age_value = age_value + response_delay;  
-</pre> <div id="rfc.figure.u.5"></div> 
+</pre> <div id="rfc.figure.u.6"></div> 
       <p>These are combined as</p>  <pre class="text">  corrected_initial_age = max(apparent_age, corrected_age_value);
 </pre><p id="rfc.section.2.3.2.p.11">The current_age of a stored response can then be calculated by adding the amount of time (in seconds) since the stored response
          was last validated by the origin server to the corrected_initial_age.
       </p>
-      <div id="rfc.figure.u.6"></div><pre class="text">  resident_time = now - response_time;
+      <div id="rfc.figure.u.7"></div><pre class="text">  resident_time = now - response_time;
   current_age = corrected_initial_age + resident_time;
 </pre><h3 id="rfc.section.2.3.3"><a href="#rfc.section.2.3.3">2.3.3</a>&nbsp;<a id="serving.stale.responses" href="#serving.stale.responses">Serving Stale Responses</a></h3>
@@ -1048 +1055 @@
          validated at the origin server. Age values are calculated as specified in <a href="#age.calculations" title="Calculating Age">Section&nbsp;2.3.2</a>.
       </p>
-      <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.1"></span>  <a href="#header.age" class="smpl">Age</a> = <a href="#rule.delta-seconds" class="smpl">delta-seconds</a>
-</pre><div id="rule.delta-seconds">
-         <p id="rfc.section.3.1.p.3">  Age field-values are non-negative integers, representing time in seconds.</p>
-      </div>
-      <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.2"></span>  <a href="#rule.delta-seconds" class="smpl">delta-seconds</a>  = 1*<a href="#notation" class="smpl">DIGIT</a>
-</pre><p id="rfc.section.3.1.p.5">If a cache receives a value larger than the largest positive integer it can represent, or if any of its age calculations overflows,
-         it <em class="bcp14">MUST</em> transmit an Age header field with a field-value of 2147483648 (2<sup>31</sup>). Recipients parsing the Age header field-value <em class="bcp14">SHOULD</em> use an arithmetic type of at least 31 bits of range.
-      </p>
-      <p id="rfc.section.3.1.p.6">The presence of an Age header field in a response implies that a response is not first-hand. However, the converse is not
+      <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.2"></span>  <a href="#header.age" class="smpl">Age</a> = <a href="#delta-seconds" class="smpl">delta-seconds</a>
+</pre><p id="rfc.section.3.1.p.3">Age field-values are non-negative integers, representing time in seconds (see <a href="#delta-seconds" title="Delta Seconds">Section&nbsp;1.5</a>).
+      </p>
+      <p id="rfc.section.3.1.p.4">The presence of an Age header field in a response implies that a response is not first-hand. However, the converse is not
          true, since HTTP/1.0 caches might not implement the Age header field.
       </p>
@@ -1086 +1088 @@
        "no-cache"
      / "no-store"
-     / "max-age" "=" <a href="#rule.delta-seconds" class="smpl">delta-seconds</a>
-     / "max-stale" [ "=" <a href="#rule.delta-seconds" class="smpl">delta-seconds</a> ]
-     / "min-fresh" "=" <a href="#rule.delta-seconds" class="smpl">delta-seconds</a>
+     / "max-age" "=" <a href="#delta-seconds" class="smpl">delta-seconds</a>
+     / "max-stale" [ "=" <a href="#delta-seconds" class="smpl">delta-seconds</a> ]
+     / "min-fresh" "=" <a href="#delta-seconds" class="smpl">delta-seconds</a>
      / "no-transform"
      / "only-if-cached"
@@ -1158 +1160 @@
      / "must-revalidate"
      / "proxy-revalidate"
-     / "max-age" "=" <a href="#rule.delta-seconds" class="smpl">delta-seconds</a>
-     / "s-maxage" "=" <a href="#rule.delta-seconds" class="smpl">delta-seconds</a>
+     / "max-age" "=" <a href="#delta-seconds" class="smpl">delta-seconds</a>
+     / "s-maxage" "=" <a href="#delta-seconds" class="smpl">delta-seconds</a>
      / <a href="#header.cache-control" class="smpl">cache-extension</a>
 </pre><p id="rfc.section.3.2.2.p.2"> <dfn>public</dfn>  <span id="rfc.iref.c.12"></span>  <span id="rfc.iref.p.2"></span>  
@@ -1755 +1757 @@
  ) / ( "s-maxage=" delta-seconds ) / cache-extension
 
-<a href="#rule.delta-seconds" class="smpl">delta-seconds</a> = 1*DIGIT
+<a href="#delta-seconds" class="smpl">delta-seconds</a> = 1*DIGIT
 
 <a href="#header.pragma" class="smpl">extension-pragma</a> = token [ "=" ( token / quoted-string ) ]
@@ -1967 +1969 @@
          </li>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/235">http://tools.ietf.org/wg/httpbis/trac/ticket/235</a>&gt;: "Cache Invalidation only happens upon successful responses"
+         </li>
+         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/282">http://tools.ietf.org/wg/httpbis/trac/ticket/282</a>&gt;: "Recommend minimum sizes for protocol elements"
          </li>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/289">http://tools.ietf.org/wg/httpbis/trac/ticket/289</a>&gt;: "Proxies don't 'understand' methods"
@@ -2019 +2023 @@
                   <li><tt>Grammar</tt>&nbsp;&nbsp;
                      <ul>
-                        <li><tt>Age</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.1"><b>3.1</b></a></li>
+                        <li><tt>Age</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.2"><b>3.1</b></a></li>
                         <li><tt>Cache-Control</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.3"><b>3.2</b></a></li>
                         <li><tt>cache-extension</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.4"><b>3.2</b></a></li>
                         <li><tt>cache-request-directive</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.5"><b>3.2.1</b></a></li>
                         <li><tt>cache-response-directive</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.6"><b>3.2.2</b></a></li>
-                        <li><tt>delta-seconds</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.2"><b>3.1</b></a></li>
+                        <li><tt>delta-seconds</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.1"><b>1.5</b></a></li>
                         <li><tt>Expires</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.7"><b>3.3</b></a></li>
                         <li><tt>extension-pragma</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.10"><b>3.4</b></a></li>

draft-ietf-httpbis/latest/p6-cache.xml

@@ -441 +441 @@
 </artwork></figure>
 </section>
-
-</section>
+</section>
+
+<section title="Delta Seconds" anchor="delta-seconds">
+<t>
+   The delta-seconds rule specifies a non-negative integer, representing time
+   in seconds.
+</t>
+<figure><artwork type="abnf2616"><iref item="Grammar" primary="true" subitem="delta-seconds" />
+  <x:ref>delta-seconds</x:ref>  = 1*<x:ref>DIGIT</x:ref>
+</artwork></figure>
+<t>
+   If an implementation receives a delta-seconds value larger than the largest
+   positive integer it can represent, or if any of its subsequent calculations
+   overflows, it &MUST; consider the value to be 2147483648 (2<x:sup>31</x:sup>).
+   Recipients parsing a delta-seconds value &SHOULD; use an arithmetic type of
+   at least 31 bits of range, and senders &MUST-NOT; send delta-seconds with a
+   value greater than 2147483648.
+</t>
+</section>
+
 </section>
 
@@ -1056 +1074 @@
   <x:ref>Age</x:ref> = <x:ref>delta-seconds</x:ref>
 </artwork></figure>
-<t anchor="rule.delta-seconds">
-  <x:anchor-alias value="delta-seconds" />
-  Age field-values are non-negative integers, representing time in seconds.
-</t>
-<figure><artwork type="abnf2616"><iref item="Grammar" primary="true" subitem="delta-seconds" />
-  <x:ref>delta-seconds</x:ref>  = 1*<x:ref>DIGIT</x:ref>
-</artwork></figure>
-<t>
-   If a cache receives a value larger than the largest positive integer it can
-   represent, or if any of its age calculations overflows, it &MUST; transmit
-   an Age header field with a field-value of 2147483648 (2<x:sup>31</x:sup>). 
-   Recipients parsing the Age header field-value &SHOULD; use an arithmetic type of 
-   at least 31 bits of range.
+<t>
+  Age field-values are non-negative integers, representing time in seconds
+  (see <xref target="delta-seconds"/>).
 </t>
 <t>
@@ -2717 +2725 @@
     </t>
     <t>
+      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/282"/>:
+      "Recommend minimum sizes for protocol elements"
+    </t>
+    <t>
       <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/289"/>:
       "Proxies don't 'understand' methods"